Close Open Privacy Scan

bolt Snapshot: commit 18e5985
science engine v2
schedule 2026-07-01T14:07:34.567681+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 99 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 99 low
First-party packages: 1
Dependency packages: 11
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #ad83945b0af1b100 Environment-variable access.
repo/examples/cookies/index.js:13
if (process.env.NODE_ENV !== 'test') app.use(logger(':method :url'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cbe54a183abc2bf Environment-variable access.
repo/examples/error-pages/index.js:11
var silent = process.env.NODE_ENV === 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #812981aca18b33b6 Filesystem access.
repo/examples/markdown/index.js:18
  fs.readFile(path, 'utf8', function(err, str){
    if (err) return fn(err);
    var html = marked.parse(str).replace(/\{([^}]+)\}/g, function(_, name){
      return escapeHtml(options[name] || '');
    });
    fn(null, html);
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29926ad4273662c7 Environment-variable access.
repo/examples/route-map/index.js:10
var verbose = process.env.NODE_ENV !== 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f369bc89f5b6139e Environment-variable access.
repo/lib/application.js:91
  var env = process.env.NODE_ENV || 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

debug

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #75f255cdcaf51dbd Environment-variable access.
pkgs/npm/[email protected]/src/browser.js:230
		r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #185c574eb8e54ce7 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:136
	let val = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17fbfc6d1917c388 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:205
		process.env.DEBUG = namespaces;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86812f58ba7b6f49 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:209
		delete process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ee59a03cd6ae44 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:221
	return process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

depd

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #7fa30ab8c881e388 Environment-variable access.
pkgs/npm/[email protected]/index.js:159
  var str = process.env.NO_DEPRECATION || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9e7009df34f6a94 Environment-variable access.
pkgs/npm/[email protected]/index.js:175
  var str = process.env.TRACE_DEPRECATION || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ejs

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #01cc19a651b3fd32 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:26
let fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60a95638d4a63789 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:28
let usage = fs.readFileSync(`${__dirname}/../usage.txt`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4536bdca760261d Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:193
    input = fs.readFileSync(pOpts.dataFile).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #829767ed2fec2528 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:206
  let template = fs.readFileSync(opts.filename).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71ecdabd03fa5786 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:209
    fs.writeFileSync(pOpts.outputFile, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a5787cd2a67445d Filesystem access.
pkgs/npm/[email protected]/ejs.js:24
var fs_1 = __importDefault(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a84e67464438b8b3 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:1
let fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddc552e62e412929 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:34
  let source = fs.readFileSync('lib/cjs/ejs.js', 'utf8').toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fb8c58c6bea18b4 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:51
  fs.writeFileSync('lib/cjs/ejs.js', source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00a7a800f9173400 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:52
  let utilsSource = fs.readFileSync('lib/cjs/utils.js', 'utf8').toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345039190e04112d Filesystem access.
pkgs/npm/[email protected]/jakefile.js:55
  fs.writeFileSync('lib/cjs/utils.js', utilsSource);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7eb8c6835838f35 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:56
  let parseargsSource = fs.readFileSync('lib/cjs/parseargs.js', 'utf8').toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a3c3ebb3cae543 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:59
  fs.writeFileSync('lib/cjs/parseargs.js', parseargsSource);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83ae2109c8c8ca39 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:60
  fs.writeFileSync('lib/cjs/package.json', '{"type":"commonjs"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e4d5386b4d0da91 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:113
  fs.writeFileSync('out/CNAME', 'api.ejs.co');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4ee1d44196db593 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:144
      fs.writeFileSync(path.join(fixtureDir, 'package.json'), JSON.stringify({
        private: true,
        type: 'module'
      }, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e76c1781b7fb7ed8 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:152
      fs.writeFileSync(path.join(fixtureDir, 'cjs-smoke.cjs'), [
        'const assert = require("assert");',
        'const ejs = require("ejs");',
        'assert.equal(typeof ejs.render, "function");',
        'assert.equal(ejs.render("<%= name %>", {name: "<>&"}), "&lt;&gt;&amp;");',
        ''
      ].join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #672c9d66bb05eed4 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:162
      fs.writeFileSync(path.join(fixtureDir, 'esm-smoke.mjs'), [
        'import assert from "node:assert/strict";',
        'import ejs from "ejs";',
        'assert.equal(typeof ejs.render, "function");',
        'assert.equal(ejs.render("<%= name %>", {name: "<>&"}), "&lt;&gt;&amp;");',
        ''
      ].join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a770d0ab25e8a040 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:172
      fs.writeFileSync(path.join(fixtureDir, 'template.ejs'), 'Hello <%= name %>');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b484074dc95ede Filesystem access.
pkgs/npm/[email protected]/lib/cjs/ejs.js:23
var fs_1 = __importDefault(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #46dfb0d2c519f3b8 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:18
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91daa676e3b10695 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:725
            fs.writeFileSync(result.filePath, result.output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f8c7e050034fc6c Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:835
                text: fs.readFileSync(filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c98a74472f1437e Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/file-enumerator.js:37
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5833f86ea91f9e0 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:12
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac89d382daaa9777 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:137
            fileDescriptor.meta.results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #017f837630b214f2 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/load-rules.js:12
const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49a218151a070050 Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:18
const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5252feb6c3331115 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:13
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f299581a8dc79988 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:14
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7079b1d3e35da014 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:13
const fs = require("fs").promises;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6f703d199233e3 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:630
                .map(r => fs.writeFile(r.filePath, r.output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38ced6d8afc071f9 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:844
                return fs.readFile(filePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #491b21cdb07414ef Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:1118
    switch (process.env.ESLINT_USE_FLAT_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28a3863798af129e Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:42
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9edde33fc97ae1d1 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:54
    if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0183fc079bdd5f66 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:58
    if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deab223e51a252d5 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:62
    const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

etag

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7ddc1b24755da832 Filesystem access.
pkgs/npm/[email protected]/index.js:22
var Stats = require('fs').Stats

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

express-session

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #95d1980ad980610d Environment-variable access.
pkgs/npm/[email protected]/index.js:33
var env = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

finalhandler

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #d7a3b3c9a617f098 Environment-variable access.
pkgs/npm/[email protected]/index.js:73
  var env = opts.env || process.env.NODE_ENV || 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

hbs

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #3e21533393d34465 Filesystem access.
pkgs/npm/[email protected]/lib/hbs.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45cc8c20053becdb Filesystem access.
pkgs/npm/[email protected]/lib/hbs.js:82
    fs.readFile(filename, 'utf8', function(err, str){
      if (err) {
        return cb(err);
      }

      var template = handlebars.compile(str);
      if (locals.cache) {
        cache[filename] = template;
      }

      try {
        var res = template(locals, handlebarsOpts);
        self.async.done(function(values) {
          Object.keys(values).forEach(function(id) {
            res = res.replace(id, values[id]);
          });

          cb(null, res);
        });
      } catch (err) {
        cb(prependFilenameToError(filename, err))
      }
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aeffdfce4ff360f Filesystem access.
pkgs/npm/[email protected]/lib/hbs.js:189
    fs.readFile(template, 'utf8', function(err, str) {
      if (err) {
        if (layout && templates.length === 0) {
          // Only return error if user explicitly asked for layout.
          return cb(err);
        }

        if (templates.length > 0) {
          return tryReadFileAndCache(templates);
        }

        return render_file(options, cb);
      }

      cacheAndCompile(template, str);
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74516f0c058c2893 Filesystem access.
pkgs/npm/[email protected]/lib/hbs.js:269
    fs.readFile(filepath, 'utf8', function(err, data) {
      if (!err) {
        var extname = path.extname(filepath)
        var name = path.relative(directory, filepath)
          .slice(0, -(extname.length))
          .replace(/\\/g, '/')

        handlebars.registerPartial(rename(name).replace(/ /g, '_'), data)
      }

      done(err);
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mocha

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #5b3cab6247717115 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:39
    require("js-yaml").load(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d882979c8bd551a Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:55
      require("strip-json-comments")(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83cfed7f2a1f3ba Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:27
  const css = fs.readFileSync(path.join(srcdir, "mocha.css"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa2bdfcdaf875912 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:28
  const js = fs.readFileSync(path.join(srcdir, "mocha.js"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8afc4fa64116111 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:29
  const tmpl = fs.readFileSync(
    path.join(srcdir, "lib", "browser", "template.html"),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b49ed2c16af0ffe Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:32
  fs.writeFileSync(path.join(destdir, "mocha.css"), css);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c186180b12e66cd Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:33
  fs.writeFileSync(path.join(destdir, "mocha.js"), js);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c1576877680dce6 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:34
  fs.writeFileSync(path.join(destdir, "tests.spec.js"), "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f97815fa0b906355 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:35
  fs.writeFileSync(path.join(destdir, "index.html"), tmpl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #500d9f667a98caa3 Filesystem access.
pkgs/npm/[email protected]/lib/cli/options.js:240
      configData = fs.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6426f151109796d9 Environment-variable access.
pkgs/npm/[email protected]/lib/cli/options.js:302
  const envConfig = parse(process.env.MOCHA_OPTIONS || "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d0a0b15e90d9fdf Environment-variable access.
pkgs/npm/[email protected]/lib/reporters/base.js:58
  (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #224985a32c2344c8 Filesystem access.
pkgs/npm/[email protected]/lib/reporters/json.js:90
        fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nyc

npm dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #0d7ea70235123ba8 Filesystem access.
pkgs/npm/[email protected]/bin/nyc.js:10
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a731c21ac17baf1 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:53
    env.BABEL_DISABLE_CACHE = process.env.BABEL_DISABLE_CACHE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2a421858d171f76 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:81
    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #343542a4efe8f33a Filesystem access.
pkgs/npm/[email protected]/index.js:190
        const source = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6684666c958c9b99 Filesystem access.
pkgs/npm/[email protected]/index.js:218
      const inCode = await fs.readFile(inFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29021ebe92517af3 Filesystem access.
pkgs/npm/[email protected]/index.js:226
        await fs.writeFile(outFile, outCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87744ad4c1665e65 Environment-variable access.
pkgs/npm/[email protected]/index.js:353
    if (!process.env.NYC_CWD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45ebd2f797f9759f Environment-variable access.
pkgs/npm/[email protected]/index.js:375
    process.env.NYC_PROCESS_ID = this.processInfo.uuid

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9481998b3bcf4054 Filesystem access.
pkgs/npm/[email protected]/index.js:409
    fs.writeFileSync(
      coverageFilename,
      JSON.stringify(coverage),
      'utf-8'
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a24ec593bb31f099 Filesystem access.
pkgs/npm/[email protected]/index.js:514
      const report = JSON.parse(await fs.readFile(path.resolve(baseDirectory, filename)), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b17df830975bdc9f Environment-variable access.
pkgs/npm/[email protected]/lib/commands/check-coverage.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c540788275c0ed7a Environment-variable access.
pkgs/npm/[email protected]/lib/commands/merge.js:33
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d46a1e7464aab5c Filesystem access.
pkgs/npm/[email protected]/lib/commands/merge.js:44
  await fs.writeFile(argv.outputFile, JSON.stringify(map), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #332a10ce864e35db Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2ce140d65c3dada Environment-variable access.
pkgs/npm/[email protected]/lib/config-util.js:12
  cwd = cwd || process.env.NYC_CWD || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cdcd6b942580867 Filesystem access.
pkgs/npm/[email protected]/lib/fs-promises.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d02fee136740cb7 Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:21
    envToCopy[env] = process.env[env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #302e3df2863e1408 Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:26
  envToCopy[envName] = process.env[envName]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3d41a0058a96a40 Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:43
      fs.writeFileSync(mapPath, JSON.stringify(sourceMap))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68c57520957842c6 Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:68
            this.loadedMaps[hash] = JSON.parse(await fs.readFile(mapPath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b154add46b55ca7 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:6
  process.env.NYC_CONFIG ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adad07d3608d3347 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:15
  parent: process.env.NYC_PROCESS_ID || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe0b607f4d95232 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:18
if (process.env.NYC_PROCESSINFO_EXTERNAL_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c8a21edc0980fd4 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:19
  config._processInfo.externalId = process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47d2a556d6b4bf57 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:20
  delete process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33be1f8bf96e49ab Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:23
if (process.env.NYC_CONFIG_OVERRIDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d761cd493fad58 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:24
  Object.assign(config, JSON.parse(process.env.NYC_CONFIG_OVERRIDE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec413bfe70946544 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:25
  process.env.NYC_CONFIG = JSON.stringify(config)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

send

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #63078e8dc9c53807 Filesystem access.
pkgs/npm/[email protected]/index.js:21
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • content-disposition prod — dist-only: no readable source
  • content-type prod — dist-only: no readable source
  • cookie prod — dist-only: no readable source