Close Open Privacy Scan

bolt Snapshot: commit af21ab6
science engine v2
schedule 2026-07-03T11:15:25.127310+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

92 /100
Low privacy risk

Low risk · 798 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

egress −5
env_fs −3

list Scan Summary

0 high 0 medium 798 low
First-party packages: 43
Dependency packages: 0
Ecosystem: npm

swap_horiz External domains

sponsors.vite.dev

</> First-Party Code

first-party (npm)

npm first-party
expand_more 329 low-confidence finding(s)
low env_fs production #299402f553fe85c0 Filesystem access.
repo/docs/.vitepress/buildEnd.config.ts:49
  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea2bf7ab923a8d5a Environment-variable access.
repo/docs/.vitepress/config.ts:26
const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01a5ccbaf55f2abd Environment-variable access.
repo/docs/.vitepress/config.ts:27
const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #522e1e1c7cb01077 Hardcoded external endpoint. Review what data is sent to this destination.
repo/docs/.vitepress/theme/composables/sponsor.ts:18
    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #88e03304b749a01b Filesystem access.
repo/docs/_data/acknowledgements.data.ts:114
  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c80e9f2afd85c82c Filesystem access.
repo/docs/_data/acknowledgements.data.ts:202
    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64917797d90651ea Environment-variable access.
repo/eslint.config.js:13
const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42285fb77b0542ac Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aec9a546d1a98852 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a75790a2c3ec77c1 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d13b929a35a89cd Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #475455a7584d504f Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73bca7bd0722d288 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4fe9508e5465909b Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bab9fa6e1ac8a7c9 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40c1a8cf1c9d5522 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c604c2f9b096052 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65f49c23e0cf8256 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1d638974b522083 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a16aa355c4df7c0d Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #390fd9e03eeb07ee Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01dac83ceea790d5 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3435b71d9b33e77 Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074a95eb83d6a01c Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eedef6b73af5cde Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #421c4e42ff3a3470 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c5db9b931a0af69 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:163
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b2bc082466c2d70 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4a7238d0c16ae53 Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5005eeec2a72dbb0 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10915c26439f4eba Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dd4363caa1d1255 Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5da1a275a75d74dc Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #989036b73930d122 Filesystem access.
repo/packages/vite/rolldown.config.ts:186
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c82a06dc2414087c Filesystem access.
repo/packages/vite/rolldown.config.ts:190
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92dfdec5a1d875a3 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #121f6155cc9232e5 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c059afd333639a22 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0448c95f73ee7e5 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9cfe2faa94dca392 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a323f5dfeee21e3 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #153a4ae59e7ad00e Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cf36bee408f8b39 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba7ed2a0da9f60d8 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #658b93485527d4fa Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d168efe76b60f3e Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #544983a93ec6ac8c Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dd0233a96f3daa10 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92dd77c8545a98b6 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54755be4c9fa31de Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f9ea81185576585 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54b9cbb8a56e4d48 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5de530d71c73c7b8 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a27dacf9acffa416 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70cf9e6e0f40645c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54ebb8f38246f694 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7dc638dc8e713844 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d417c421704b85f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99f54cbfe0b1eeef Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8f85262189515f2 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d95a19d8db575fa5 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5804cc45795a962f Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc62ef02ed7035c6 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ad1264d8f2f1ee3 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0480cd0988681670 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b1ffb9a9afa15b1 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a939fa9e4c1aa4e Filesystem access.
repo/packages/vite/src/node/cli.ts:79
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ba145aa02ce9437 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4278294c156f50 Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d84f9083f7619425 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa45fade1f1aab36 Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #518f296d58554c4c Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fe439b0f716fe81 Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cdf715b35bf196e Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ff8b10bfc04965f Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d69a4638ac359ed Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca2eb1d12e580583 Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72ca040a66cf1cda Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4048c854b80aafd Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a386deaa3f801f5d Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bf830296004261e Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c03f07d4836e646a Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5361fe445be8a7f6 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f24db37219653cc Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7892649fc6c54903 Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da5d0864412b9542 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdcd24478ebb003b Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48318d807c0f136f Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e15e16de03118f9 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3dd5ed01d4f2a9e Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ebf9a8dd6842ed0 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c044ecfdb7e414a4 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22ecbcd3c1eefb7f Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ded2f46356ea3db Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1e1f286755411df Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d757b6a8b455ca61 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c42ace014dbdc601 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56068b64e1d7b67 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6666791b38eefab6 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72fee4d3bb99539f Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96920580758fdf40 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63ea043052926ee7 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #119f13edabf274f0 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8e641abbce0d524 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac4d55346c7d7198 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25c3ca911873197a Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d0231d7917d3c89 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c57786b9edba2810 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #802278dab91b40f6 Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dff0316a05e57415 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12974b5784d3ba32 Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0656d219407fce41 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #051d4dc9ca085d51 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfd8dafc6f7b239 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fcae4fd718f0e89 Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ae038791d53baff Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfa1115de5e1bcbf Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bface4a2c5c66dc Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c235a69bb7f4ce4 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53e8fe09b8fd5a0a Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a690fe668312347 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fe2b4fa59670de1 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5eeb47af056973bc Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88f9284f8ea82b1c Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8111fbc0ecbdf7aa Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b25894194ec6441 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3870b66548a4e94c Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c7a32a50faae631 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #393ed435cce60db0 Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #588dc1631a6ba5e0 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30948136d56140a9 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #927c0be159e78088 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8908c978d12470c1 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38461d0a88f8ce4e Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c24c511cb9e32cd1 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2347902d3fb1c64a Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdd7079c546724a6 Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #961a4b332ef0013e Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f14b6c07fb4b6c54 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f620e89810ebd7fe Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb7af376f67e95c5 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #766ae6afb2a73996 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #004a40bfe8a14578 Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3465eb1a7d57633 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a7f46a887bdc290 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f77930c8a662af75 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e43524beb326891 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef1831b2af796097 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b780399c6977584b Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4818324bae5d564 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b8b403e04166781 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc1e583402cc1b77 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a52422168387aaf3 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01327408b313cbc Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aceda8c40f2766f2 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ceb15b6b45e7da7 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62b4e2f34c30904b Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e7c8b27a1aa6a3d6 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d19e2b159f46206 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f0d653a117cca74 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6298f6dad5b33fd9 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #400df1adfca9d86e Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa703a6b37c4dacf Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee8877f1c60b7400 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ec5330c2fc23e5b Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70153a6a68bb6b64 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1150aaef8174eb1c Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b282a3b5e82de4d Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a10c5e33ce2bf6f Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #450486283207492d Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9168d45216393321 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28834bbd88a8c512 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39bced6200a938e Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ccc064a43e02f9c7 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6673c2b36043093 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81eb91b379ad01e8 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7421ba9cba5f183e Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16e6aa482fc0f57a Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ba1f048f83e79c4 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76e423dec0edbd26 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15766f30cd33703e Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49b2b9a01440b189 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #211bf525cc2323d1 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ddbb84bbd3043391 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4398121abe1874a3 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #306e126701dc2bf7 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c9fcc9655446bba Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a90774ec6f9a9a1 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcab9e4ec7fe5bc3 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b4c4ca73531031c Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b251c43c6ed14d0a Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17e2582caddf3f18 Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c109a77c4abbb94 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0373225f3b350160 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41b2cb06c5445164 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba55644c1f8a9254 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f749dcc743f7da5f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05d5b5135d193e33 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042554f8497ed7e3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffd3cfad1fe57464 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82b5f950a9cc72f5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b17bdb200c58bf52 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc59677a150724a2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5558081c3f8d6435 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81d71b7a0dbec45e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c20909bd874b1b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31dd3cc0d2057233 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46ed33a9aef2d715 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #490e67eb6547519e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ab797d0b04054fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f30b03420307aa73 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef412cb52da48183 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1695a89192a19313 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c80be472c04b87a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e726e5eabde4de2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c84701560b522fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53d3a5cb7a8c88d6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24ab25983482a1e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #757ecfd22014db3a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d8a06e48a22c443 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8925f931844a6362 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da4a20e536f7d6bc Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12edb2a6a4ea38d8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7c87984f05f8d17 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0ba5d3e571408d9 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33177f5ae49a1f3b Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a702e75f7fdc8c2e Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e234772d721a46f5 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d40fcbbc9612a7b Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d783cc8f25c4f9e1 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #033915f8ef7edd09 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9bf1892b90b2b2b Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d1a85b93757ce17 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78dd70a66ba2a086 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3915ebe8a634871a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #490db21ebc21c57c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39e0e47e4bc01fb Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3336779838b6cec Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf2e5989b99b4e10 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71a7c82d88dcc399 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1107697b6307f878 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c4b828baab9a898 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1275551021cc434b Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bdbac060dcbde2e Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee2f05d6ab18e485 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #190748c4cdfd9169 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d946aca4dd18fe7 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25397a730d378ca8 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5be07818dfab808 Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #085d35e17d3cb90c Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #323c1148a740a604 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3126062af39f9374 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c37f026917077bd9 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3831e699c88a767 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de954d76568d5494 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b87644fb4e2a67ba Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ced02b68b748e911 Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #534d3eafc5546fc3 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c08645962c023c08 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c1db88adcfd9e6 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12bab83b317f2b5f Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f890277b0f6e65b2 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99be87151de755d7 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f84cfdf4738755ca Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41ca576390725d3f Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2cb285184b0a99b Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #972db6284190112f Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68294b8287b144f6 Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f9d3c2085265ad5 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1c6308a48a23a57 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #376860d6c00e6202 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd23a8b52fe80468 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad85af02e7500279 Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a4ea52fef4c7be9 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6730657ef67f032d Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c932d11158424c3 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afd7fdb6afbfb96e Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30014792e3daaeb5 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6bdb7b74304f520 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7eb9d51a76a5b6e Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecc8b16066582923 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c417d33d9cec7501 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12646880c2ca852c Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37549975ef8856d2 Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3f31ab83ebad36f Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #509f7c131aee6675 Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b389ae794625025 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e7ecc1b43888264 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #924cbb3809e58038 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4bb120b81c6c9ef Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a4a2e47b02d7a23 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4476075873f014d0 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50165e0950f32c84 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b86b03a4157c8754 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #876f28b78b5f09a6 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2f2289980ff8b8 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ede46c47964e1882 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a8e46054b9e53b7b Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c4b8ffc36f308e5 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #09d459f3cdb61cd1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #602db5e425ec37fd Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a51e78e6555c018a Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #240427f0decb0aee Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5fd986f50d4b84d Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f93f9b984a2f6593 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88db48367156127d Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca16c2a81ccdef79 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2ae51b853e5b49 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c13cfd84b81748b Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4427ea0434701675 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f201de961a31dae Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee225775179bc5b4 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b572e02eb0ad6087 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f5dba32e68d9f4e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #593d8ecea68e61f9 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e1469e55c24cd77 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b281dae8ba8e0d23 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #958391a3c58a5b3c Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d909ce94e39cec9f Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2495fdace55b08a1 Filesystem access.
repo/scripts/mergeChangelog.ts:188
const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e131fb27a14931fb Filesystem access.
repo/scripts/mergeChangelog.ts:212
await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d679db799782bb1a Filesystem access.
repo/scripts/releaseUtils.ts:19
    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #202b22b72e3fe554 Filesystem access.
repo/scripts/releaseUtils.ts:55
    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e85c84886eacafbd Filesystem access.
repo/scripts/releaseUtils.ts:66
    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2437d27a3a78f318 Filesystem access.
repo/scripts/releaseUtils.ts:68
    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14d9fad5fae2795d Environment-variable access.
repo/vitest.config.e2e.ts:4
const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #662555973a5c4f53 Environment-variable access.
repo/vitest.config.e2e.ts:6
const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0df21674ad275b1f Environment-variable access.
repo/vitest.config.e2e.ts:36
        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #838c5ea42b8d4bf7 Environment-variable access.
repo/vitest.config.e2e.ts:40
      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party
expand_more 18 low-confidence finding(s)
low env_fs test-only #42285fb77b0542ac Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aec9a546d1a98852 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a75790a2c3ec77c1 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d13b929a35a89cd Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #475455a7584d504f Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73bca7bd0722d288 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4fe9508e5465909b Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bab9fa6e1ac8a7c9 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40c1a8cf1c9d5522 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c604c2f9b096052 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65f49c23e0cf8256 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1d638974b522083 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a16aa355c4df7c0d Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #390fd9e03eeb07ee Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01dac83ceea790d5 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3435b71d9b33e77 Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074a95eb83d6a01c Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eedef6b73af5cde Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #421c4e42ff3a3470 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c5db9b931a0af69 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:163
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party
expand_more 127 low-confidence finding(s)
low env_fs production #2b2bc082466c2d70 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4a7238d0c16ae53 Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5005eeec2a72dbb0 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10915c26439f4eba Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dd4363caa1d1255 Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5da1a275a75d74dc Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #989036b73930d122 Filesystem access.
repo/packages/vite/rolldown.config.ts:186
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c82a06dc2414087c Filesystem access.
repo/packages/vite/rolldown.config.ts:190
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92dfdec5a1d875a3 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #121f6155cc9232e5 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c059afd333639a22 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0448c95f73ee7e5 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9cfe2faa94dca392 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a323f5dfeee21e3 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #153a4ae59e7ad00e Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cf36bee408f8b39 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba7ed2a0da9f60d8 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #658b93485527d4fa Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d168efe76b60f3e Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #544983a93ec6ac8c Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dd0233a96f3daa10 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92dd77c8545a98b6 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54755be4c9fa31de Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f9ea81185576585 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54b9cbb8a56e4d48 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5de530d71c73c7b8 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a27dacf9acffa416 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70cf9e6e0f40645c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54ebb8f38246f694 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7dc638dc8e713844 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d417c421704b85f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99f54cbfe0b1eeef Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8f85262189515f2 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d95a19d8db575fa5 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5804cc45795a962f Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc62ef02ed7035c6 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ad1264d8f2f1ee3 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0480cd0988681670 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b1ffb9a9afa15b1 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a939fa9e4c1aa4e Filesystem access.
repo/packages/vite/src/node/cli.ts:79
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ba145aa02ce9437 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4278294c156f50 Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d84f9083f7619425 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa45fade1f1aab36 Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #518f296d58554c4c Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fe439b0f716fe81 Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cdf715b35bf196e Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ff8b10bfc04965f Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d69a4638ac359ed Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca2eb1d12e580583 Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72ca040a66cf1cda Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4048c854b80aafd Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a386deaa3f801f5d Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bf830296004261e Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c03f07d4836e646a Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5361fe445be8a7f6 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f24db37219653cc Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7892649fc6c54903 Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da5d0864412b9542 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdcd24478ebb003b Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48318d807c0f136f Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e15e16de03118f9 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3dd5ed01d4f2a9e Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ebf9a8dd6842ed0 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c044ecfdb7e414a4 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22ecbcd3c1eefb7f Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ded2f46356ea3db Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1e1f286755411df Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d757b6a8b455ca61 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c42ace014dbdc601 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56068b64e1d7b67 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6666791b38eefab6 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72fee4d3bb99539f Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96920580758fdf40 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63ea043052926ee7 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #119f13edabf274f0 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8e641abbce0d524 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac4d55346c7d7198 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25c3ca911873197a Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d0231d7917d3c89 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c57786b9edba2810 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #802278dab91b40f6 Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dff0316a05e57415 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12974b5784d3ba32 Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0656d219407fce41 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #051d4dc9ca085d51 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfd8dafc6f7b239 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fcae4fd718f0e89 Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ae038791d53baff Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfa1115de5e1bcbf Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bface4a2c5c66dc Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c235a69bb7f4ce4 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53e8fe09b8fd5a0a Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a690fe668312347 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fe2b4fa59670de1 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5eeb47af056973bc Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88f9284f8ea82b1c Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8111fbc0ecbdf7aa Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b25894194ec6441 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3870b66548a4e94c Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c7a32a50faae631 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #393ed435cce60db0 Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #588dc1631a6ba5e0 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30948136d56140a9 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #927c0be159e78088 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8908c978d12470c1 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38461d0a88f8ce4e Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c24c511cb9e32cd1 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2347902d3fb1c64a Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdd7079c546724a6 Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #961a4b332ef0013e Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f14b6c07fb4b6c54 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f620e89810ebd7fe Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb7af376f67e95c5 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #766ae6afb2a73996 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #004a40bfe8a14578 Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3465eb1a7d57633 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a7f46a887bdc290 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f77930c8a662af75 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e43524beb326891 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef1831b2af796097 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b780399c6977584b Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4818324bae5d564 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b8b403e04166781 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc1e583402cc1b77 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a52422168387aaf3 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01327408b313cbc Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party
expand_more 165 low-confidence finding(s)
low env_fs test-only #aceda8c40f2766f2 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ceb15b6b45e7da7 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62b4e2f34c30904b Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e7c8b27a1aa6a3d6 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d19e2b159f46206 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f0d653a117cca74 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6298f6dad5b33fd9 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #400df1adfca9d86e Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa703a6b37c4dacf Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee8877f1c60b7400 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ec5330c2fc23e5b Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70153a6a68bb6b64 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1150aaef8174eb1c Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b282a3b5e82de4d Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a10c5e33ce2bf6f Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #450486283207492d Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9168d45216393321 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28834bbd88a8c512 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39bced6200a938e Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ccc064a43e02f9c7 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6673c2b36043093 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81eb91b379ad01e8 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7421ba9cba5f183e Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16e6aa482fc0f57a Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ba1f048f83e79c4 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76e423dec0edbd26 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15766f30cd33703e Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49b2b9a01440b189 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #211bf525cc2323d1 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ddbb84bbd3043391 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4398121abe1874a3 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #306e126701dc2bf7 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c9fcc9655446bba Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a90774ec6f9a9a1 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcab9e4ec7fe5bc3 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b4c4ca73531031c Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b251c43c6ed14d0a Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17e2582caddf3f18 Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c109a77c4abbb94 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0373225f3b350160 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41b2cb06c5445164 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba55644c1f8a9254 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f749dcc743f7da5f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05d5b5135d193e33 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042554f8497ed7e3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffd3cfad1fe57464 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82b5f950a9cc72f5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b17bdb200c58bf52 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc59677a150724a2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5558081c3f8d6435 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81d71b7a0dbec45e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c20909bd874b1b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31dd3cc0d2057233 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46ed33a9aef2d715 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #490e67eb6547519e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ab797d0b04054fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f30b03420307aa73 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef412cb52da48183 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1695a89192a19313 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c80be472c04b87a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e726e5eabde4de2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c84701560b522fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53d3a5cb7a8c88d6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24ab25983482a1e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #757ecfd22014db3a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d8a06e48a22c443 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8925f931844a6362 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da4a20e536f7d6bc Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12edb2a6a4ea38d8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7c87984f05f8d17 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0ba5d3e571408d9 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33177f5ae49a1f3b Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a702e75f7fdc8c2e Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e234772d721a46f5 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d40fcbbc9612a7b Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d783cc8f25c4f9e1 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #033915f8ef7edd09 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9bf1892b90b2b2b Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d1a85b93757ce17 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78dd70a66ba2a086 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3915ebe8a634871a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #490db21ebc21c57c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39e0e47e4bc01fb Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3336779838b6cec Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf2e5989b99b4e10 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71a7c82d88dcc399 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1107697b6307f878 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c4b828baab9a898 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1275551021cc434b Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bdbac060dcbde2e Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee2f05d6ab18e485 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #190748c4cdfd9169 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d946aca4dd18fe7 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25397a730d378ca8 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5be07818dfab808 Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #085d35e17d3cb90c Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #323c1148a740a604 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3126062af39f9374 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c37f026917077bd9 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3831e699c88a767 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de954d76568d5494 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b87644fb4e2a67ba Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ced02b68b748e911 Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #534d3eafc5546fc3 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c08645962c023c08 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c1db88adcfd9e6 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12bab83b317f2b5f Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f890277b0f6e65b2 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99be87151de755d7 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f84cfdf4738755ca Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41ca576390725d3f Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2cb285184b0a99b Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #972db6284190112f Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68294b8287b144f6 Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f9d3c2085265ad5 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1c6308a48a23a57 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #376860d6c00e6202 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd23a8b52fe80468 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad85af02e7500279 Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a4ea52fef4c7be9 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6730657ef67f032d Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c932d11158424c3 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afd7fdb6afbfb96e Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30014792e3daaeb5 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6bdb7b74304f520 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7eb9d51a76a5b6e Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecc8b16066582923 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c417d33d9cec7501 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12646880c2ca852c Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37549975ef8856d2 Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3f31ab83ebad36f Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #509f7c131aee6675 Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b389ae794625025 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e7ecc1b43888264 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #924cbb3809e58038 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4bb120b81c6c9ef Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a4a2e47b02d7a23 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4476075873f014d0 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50165e0950f32c84 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b86b03a4157c8754 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #876f28b78b5f09a6 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2f2289980ff8b8 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ede46c47964e1882 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a8e46054b9e53b7b Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c4b8ffc36f308e5 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #09d459f3cdb61cd1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #602db5e425ec37fd Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a51e78e6555c018a Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #240427f0decb0aee Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5fd986f50d4b84d Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f93f9b984a2f6593 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88db48367156127d Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca16c2a81ccdef79 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2ae51b853e5b49 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c13cfd84b81748b Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4427ea0434701675 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f201de961a31dae Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee225775179bc5b4 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b572e02eb0ad6087 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f5dba32e68d9f4e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #593d8ecea68e61f9 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e1469e55c24cd77 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b281dae8ba8e0d23 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #958391a3c58a5b3c Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d909ce94e39cec9f Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #aceda8c40f2766f2 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ceb15b6b45e7da7 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62b4e2f34c30904b Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e7c8b27a1aa6a3d6 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d19e2b159f46206 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #8f0d653a117cca74 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #fa703a6b37c4dacf Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee8877f1c60b7400 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #6298f6dad5b33fd9 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #400df1adfca9d86e Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #0ec5330c2fc23e5b Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70153a6a68bb6b64 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1150aaef8174eb1c Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b282a3b5e82de4d Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #2a10c5e33ce2bf6f Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #450486283207492d Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9168d45216393321 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28834bbd88a8c512 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #e39bced6200a938e Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #ccc064a43e02f9c7 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #15766f30cd33703e Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49b2b9a01440b189 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #211bf525cc2323d1 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-full-bundle-mode

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #b6673c2b36043093 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81eb91b379ad01e8 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #7421ba9cba5f183e Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16e6aa482fc0f57a Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ba1f048f83e79c4 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76e423dec0edbd26 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #ddbb84bbd3043391 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4398121abe1874a3 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #306e126701dc2bf7 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #1c9fcc9655446bba Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #9a90774ec6f9a9a1 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcab9e4ec7fe5bc3 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b4c4ca73531031c Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b251c43c6ed14d0a Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17e2582caddf3f18 Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party
expand_more 35 low-confidence finding(s)
low env_fs test-only #1c109a77c4abbb94 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0373225f3b350160 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41b2cb06c5445164 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba55644c1f8a9254 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f749dcc743f7da5f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05d5b5135d193e33 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042554f8497ed7e3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffd3cfad1fe57464 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82b5f950a9cc72f5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b17bdb200c58bf52 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc59677a150724a2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5558081c3f8d6435 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81d71b7a0dbec45e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c20909bd874b1b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31dd3cc0d2057233 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46ed33a9aef2d715 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #490e67eb6547519e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ab797d0b04054fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f30b03420307aa73 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef412cb52da48183 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1695a89192a19313 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c80be472c04b87a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e726e5eabde4de2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c84701560b522fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53d3a5cb7a8c88d6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24ab25983482a1e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #757ecfd22014db3a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d8a06e48a22c443 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8925f931844a6362 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da4a20e536f7d6bc Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12edb2a6a4ea38d8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7c87984f05f8d17 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0ba5d3e571408d9 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33177f5ae49a1f3b Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a702e75f7fdc8c2e Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #e234772d721a46f5 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d40fcbbc9612a7b Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party
expand_more 9 low-confidence finding(s)
low env_fs production #033915f8ef7edd09 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9bf1892b90b2b2b Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d1a85b93757ce17 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78dd70a66ba2a086 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3915ebe8a634871a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #490db21ebc21c57c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39e0e47e4bc01fb Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3336779838b6cec Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf2e5989b99b4e10 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #d783cc8f25c4f9e1 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #033915f8ef7edd09 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b9bf1892b90b2b2b Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #3d1a85b93757ce17 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #78dd70a66ba2a086 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3915ebe8a634871a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #490db21ebc21c57c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39e0e47e4bc01fb Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3336779838b6cec Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #71a7c82d88dcc399 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1107697b6307f878 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #41ca576390725d3f Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2cb285184b0a99b Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #9c4b828baab9a898 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #1275551021cc434b Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bdbac060dcbde2e Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee2f05d6ab18e485 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #190748c4cdfd9169 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #8d946aca4dd18fe7 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25397a730d378ca8 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5be07818dfab808 Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #085d35e17d3cb90c Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps/read-file-content

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #25397a730d378ca8 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #323c1148a740a604 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3126062af39f9374 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c37f026917077bd9 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3831e699c88a767 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #de954d76568d5494 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b87644fb4e2a67ba Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ced02b68b748e911 Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #534d3eafc5546fc3 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #c08645962c023c08 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #00c1db88adcfd9e6 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12bab83b317f2b5f Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #f890277b0f6e65b2 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99be87151de755d7 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #f84cfdf4738755ca Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #1c932d11158424c3 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afd7fdb6afbfb96e Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30014792e3daaeb5 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6bdb7b74304f520 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #6730657ef67f032d Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party
expand_more 31 low-confidence finding(s)
low env_fs test-only #924cbb3809e58038 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4bb120b81c6c9ef Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a4a2e47b02d7a23 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4476075873f014d0 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50165e0950f32c84 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b86b03a4157c8754 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #876f28b78b5f09a6 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2f2289980ff8b8 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ede46c47964e1882 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a8e46054b9e53b7b Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c4b8ffc36f308e5 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #09d459f3cdb61cd1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #602db5e425ec37fd Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a51e78e6555c018a Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #240427f0decb0aee Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5fd986f50d4b84d Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f93f9b984a2f6593 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88db48367156127d Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca16c2a81ccdef79 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2ae51b853e5b49 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c13cfd84b81748b Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4427ea0434701675 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f201de961a31dae Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee225775179bc5b4 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b572e02eb0ad6087 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f5dba32e68d9f4e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #593d8ecea68e61f9 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e1469e55c24cd77 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b281dae8ba8e0d23 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #958391a3c58a5b3c Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d909ce94e39cec9f Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • first-party (npm): playground/ssr-deps/external-entry prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/nested-exclude prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/external-using-external-entry prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/ts-transpiled-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/only-object-assigned-exports prod — scan budget exceeded
  • first-party (npm): playground/dynamic-import/pkg prod — scan budget exceeded
  • first-party (npm): playground/proxy-hmr/other-app prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-nested-license-isc prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-licence-cc0 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-license-mit prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/sass-package-resolution/node_modules/sass-pkg-with-index prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/watch-rebuild-manifest prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/test-dep-conditions prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/cjs-ssr-dep prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/scan-subpath-import-glob prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/file-url prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/plugin-module-condition prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/siblings prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/native-import prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/import-meta prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/entry prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/glob-exports/node_modules/my-pkg prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/noname prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/parent prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/child prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/module prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/name prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/watcher prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
  • first-party (npm): docs prod — scan budget exceeded
  • lightningcss prod — scan budget exceeded
  • picomatch prod — scan budget exceeded
  • postcss prod — scan budget exceeded
  • tinyglobby prod — scan budget exceeded
  • @babel/core prod — scan budget exceeded
  • @babel/plugin-transform-dynamic-import prod — scan budget exceeded
  • @babel/plugin-transform-modules-systemjs prod — scan budget exceeded
  • @babel/preset-env prod — scan budget exceeded
  • babel-plugin-polyfill-corejs3 prod — scan budget exceeded
  • babel-plugin-polyfill-regenerator prod — scan budget exceeded
  • browserslist prod — scan budget exceeded
  • browserslist-to-esbuild prod — scan budget exceeded
  • core-js prod — scan budget exceeded
  • regenerator-runtime prod — scan budget exceeded
  • systemjs prod — scan budget exceeded
  • @tailwindcss/vite prod — scan budget exceeded
  • tailwindcss prod — scan budget exceeded
  • @vitejs/test-dep-no-discovery prod — scan budget exceeded
  • vue prod — scan budget exceeded
  • vuex prod — scan budget exceeded
  • clipboard prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
  • @vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
  • @vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
  • @vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-css-require prod — scan budget exceeded
  • @vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
  • @vitejs/test-dep-incompatible prod — scan budget exceeded
  • @vitejs/test-dep-linked prod — scan budget exceeded
  • @vitejs/test-dep-linked-include prod — scan budget exceeded
  • @vitejs/test-dep-node-env prod — scan budget exceeded
  • @vitejs/test-dep-not-js prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-relative-to-main prod — scan budget exceeded
  • @vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
  • @vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
  • @vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
  • @vitejs/test-dep-non-optimized prod — scan budget exceeded
  • @vitejs/test-added-in-entries prod — scan budget exceeded
  • @vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
  • @vitejs/test-dep-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-lodash prod — scan budget exceeded
  • @vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
  • @vitejs/test-dep-lodash-es prod — scan budget exceeded
  • @vitejs/test-nested-exclude prod — scan budget exceeded
  • phoenix prod — scan budget exceeded
  • react prod — scan budget exceeded
  • react-dom prod — scan budget exceeded
  • @vitejs/test-resolve-linked prod — scan budget exceeded
  • @vitejs/test-alias-original prod — scan budget exceeded
  • aliased-module prod — scan budget exceeded
  • @vue/shared prod — scan budget exceeded
  • @vitejs/test-dep-that-imports prod — scan budget exceeded
  • @vitejs/test-dep-that-requires prod — scan budget exceeded
  • @vitejs/test-commonjs-dep prod — scan budget exceeded
  • @vitejs/test-deep-import prod — scan budget exceeded
  • @vitejs/test-entries prod — scan budget exceeded
  • @vitejs/test-module-sync prod — scan budget exceeded
  • @vitejs/test-resolve-pkg-exports prod — scan budget exceeded
  • @tailwindcss/postcss prod — scan budget exceeded
  • @vitejs/test-external-cjs prod — scan budget exceeded
  • @vitejs/test-require-external-cjs prod — scan budget exceeded
  • @vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-external prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
  • autoprefixer prod — scan budget exceeded
  • @babel/runtime prod — scan budget exceeded
  • normalize.css prod — scan budget exceeded
  • @vitejs/test-resolve-browser-field prod — scan budget exceeded
  • @vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded
  • @vitejs/test-resolve-custom-condition prod — scan budget exceeded

Development

  • @eslint/js dev — scan budget exceeded
  • @type-challenges/utils dev — scan budget exceeded
  • @types/babel__core dev — scan budget exceeded
  • @types/babel__preset-env dev — scan budget exceeded
  • @types/convert-source-map dev — scan budget exceeded
  • @types/cross-spawn dev — scan budget exceeded
  • @types/etag dev — scan budget exceeded
  • @types/less dev — scan budget exceeded
  • @types/node dev — scan budget exceeded
  • @types/picomatch dev — scan budget exceeded
  • @types/stylus dev — scan budget exceeded
  • @types/ws dev — scan budget exceeded
  • @vitejs/release-scripts dev — scan budget exceeded
  • eslint dev — scan budget exceeded
  • eslint-plugin-import-x dev — scan budget exceeded
  • eslint-plugin-n dev — scan budget exceeded
  • eslint-plugin-regexp dev — scan budget exceeded
  • execa dev — scan budget exceeded
  • globals dev — scan budget exceeded
  • lint-staged dev — scan budget exceeded
  • oxfmt dev — scan budget exceeded
  • picocolors dev — scan budget exceeded
  • playwright-chromium dev — scan budget exceeded
  • rolldown dev — scan budget exceeded
  • rollup dev — scan budget exceeded
  • simple-git-hooks dev — scan budget exceeded
  • tsx dev — scan budget exceeded
  • typescript dev — scan budget exceeded
  • typescript-eslint dev — scan budget exceeded
  • vite dev — scan budget exceeded
  • vitest dev — scan budget exceeded
  • @clack/prompts dev — scan budget exceeded
  • @vercel/detect-agent dev — scan budget exceeded
  • cross-spawn dev — scan budget exceeded
  • mri dev — scan budget exceeded
  • tsdown dev — scan budget exceeded
  • unrun dev — scan budget exceeded
  • @babel/parser dev — scan budget exceeded
  • @jridgewell/remapping dev — scan budget exceeded
  • @jridgewell/trace-mapping dev — scan budget exceeded
  • @polka/compression dev — scan budget exceeded
  • @rollup/plugin-alias dev — scan budget exceeded
  • @rollup/plugin-dynamic-import-vars dev — scan budget exceeded
  • @rollup/pluginutils dev — scan budget exceeded
  • @types/escape-html dev — scan budget exceeded
  • @types/pnpapi dev — scan budget exceeded
  • @vitejs/devtools dev — scan budget exceeded
  • @vitest/utils dev — scan budget exceeded
  • @voidzero-dev/vite-task-client dev — scan budget exceeded
  • artichokie dev — scan budget exceeded
  • baseline-browser-mapping dev — scan budget exceeded
  • cac dev — scan budget exceeded
  • chokidar dev — scan budget exceeded
  • connect dev — scan budget exceeded
  • convert-source-map dev — scan budget exceeded
  • cors dev — scan budget exceeded
  • dotenv-expand dev — scan budget exceeded
  • es-module-lexer dev — scan budget exceeded
  • esbuild dev — scan budget exceeded
  • escape-html dev — scan budget exceeded
  • estree-walker dev — scan budget exceeded
  • etag dev — scan budget exceeded
  • fresh-import dev — scan budget exceeded
  • host-validation-middleware dev — scan budget exceeded
  • http-proxy-3 dev — scan budget exceeded
  • launch-editor-middleware dev — scan budget exceeded
  • magic-string dev — scan budget exceeded
  • mlly dev — scan budget exceeded
  • mrmime dev — scan budget exceeded
  • nanoid dev — scan budget exceeded
  • obug dev — scan budget exceeded
  • open dev — scan budget exceeded
  • parse5 dev — scan budget exceeded
  • pathe dev — scan budget exceeded
  • periscopic dev — scan budget exceeded
  • postcss-import dev — scan budget exceeded
  • postcss-load-config dev — scan budget exceeded
  • postcss-modules dev — scan budget exceeded
  • premove dev — scan budget exceeded
  • resolve.exports dev — scan budget exceeded
  • rolldown-plugin-dts dev — scan budget exceeded
  • rollup-plugin-license dev — scan budget exceeded
  • sass dev — scan budget exceeded
  • sass-embedded dev — scan budget exceeded
  • sirv dev — scan budget exceeded
  • strip-literal dev — scan budget exceeded
  • terser dev — scan budget exceeded
  • ufo dev — scan budget exceeded
  • ws dev — scan budget exceeded
  • acorn dev — scan budget exceeded
  • css-color-names dev — scan budget exceeded
  • kill-port dev — scan budget exceeded
  • url dev — scan budget exceeded
  • express dev — scan budget exceeded
  • less dev — scan budget exceeded
  • slash3 dev — scan budget exceeded
  • slash5 dev — scan budget exceeded
  • vue34 dev — scan budget exceeded
  • pug dev — scan budget exceeded
  • @types/react dev — scan budget exceeded
  • @types/react-dom dev — scan budget exceeded
  • react-fake-client dev — scan budget exceeded
  • react-fake-server dev — scan budget exceeded
  • @vitejs/test-css-dep dev — scan budget exceeded
  • @vitejs/test-css-dep-exports dev — scan budget exceeded
  • @vitejs/test-css-js-dep dev — scan budget exceeded
  • @vitejs/test-css-proxy-dep dev — scan budget exceeded
  • @vitejs/test-scss-proxy-dep dev — scan budget exceeded
  • postcss-nested dev — scan budget exceeded
  • stylus dev — scan budget exceeded
  • sugarss dev — scan budget exceeded
  • @vitejs/test-json-require dev — scan budget exceeded
  • @vitejs/test-json-module dev — scan budget exceeded