Close Open Privacy Scan

link https://github.com/vitejs/vite

bolt Snapshot: commit ec064c3

science engine v1

schedule 2026-06-29T14:13:39.593357+00:00

Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

92 /100

Low privacy risk

Low risk · 794 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

egress −5

env_fs −3

list Scan Summary

0 high 0 medium 794 low

First-party packages: 42

Dependency packages: 0

Ecosystem: npm

swap_horiz External domains

sponsors.vite.dev

</> First-Party Code

first-party (npm)

npm first-party

expand_more 328 low-confidence finding(s)

low env_fs production #2bcc0d97cdc64607 — Filesystem access.

repo/docs/.vitepress/buildEnd.config.ts:49

  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #613a1ec0769f91f5 — Environment-variable access.

repo/docs/.vitepress/config.ts:26

const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc16377ac3e99a4a — Environment-variable access.

repo/docs/.vitepress/config.ts:27

const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ae19d4c3ebcb4643 — Hardcoded external endpoint. Review what data is sent to this destination.

repo/docs/.vitepress/theme/composables/sponsor.ts:18

    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #4668ed451dd47726 — Filesystem access.

repo/docs/_data/acknowledgements.data.ts:114

  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8adca56e7094ca6 — Filesystem access.

repo/docs/_data/acknowledgements.data.ts:202

    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67970629bcb9d08e — Environment-variable access.

repo/eslint.config.js:13

const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e30e1fb5dda767c4 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:32

  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #189d5382b3365a2a — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:179

  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98cd9751acd83348 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:183

  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e1929424d495f34 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:187

  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6d73a54f85e9f9d — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:205

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #774334f0dd1b9e6c — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:210

  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65eb8a399dfa2912 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:224

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be25eb4cc9358b05 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:288

  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce392157023e13c5 — Environment-variable access.

repo/packages/create-vite/src/index.ts:415

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a921d284fc8f93e — Environment-variable access.

repo/packages/create-vite/src/index.ts:429

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51dfa4c0ee6cb970 — Environment-variable access.

repo/packages/create-vite/src/index.ts:466

  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c079f936a6470010 — Filesystem access.

repo/packages/create-vite/src/index.ts:676

      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c89ec2e729edde7a — Filesystem access.

repo/packages/create-vite/src/index.ts:679

      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43fc92fdd2d154dd — Filesystem access.

repo/packages/create-vite/src/index.ts:684

      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd4b1e39f2bd2288 — Filesystem access.

repo/packages/create-vite/src/index.ts:696

    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f3917b2ff2979c6 — Filesystem access.

repo/packages/create-vite/src/index.ts:914

  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1addfdeb4c7ab527 — Filesystem access.

repo/packages/create-vite/src/index.ts:1043

  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fb39dcfa31608e1 — Filesystem access.

repo/packages/create-vite/src/index.ts:1044

  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5241123921175a2a — Filesystem access.

repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7

  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fd5a4198c2fef00 — Environment-variable access.

repo/packages/plugin-legacy/src/index.ts:163

  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0f2f6dc7032dec8 — Environment-variable access.

repo/packages/vite/bin/vite.js:6

  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #017163ae1558fe9e — Environment-variable access.

repo/packages/vite/bin/vite.js:36

  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #316e77f34fdc718b — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93487d6cd4a75c1a — Environment-variable access.

repo/packages/vite/bin/vite.js:43

      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd091cdf762ef8d8 — Filesystem access.

repo/packages/vite/rolldown.config.ts:12

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7108618455d1bf92 — Environment-variable access.

repo/packages/vite/rolldown.config.ts:14

const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eec605f9c4802df6 — Filesystem access.

repo/packages/vite/rolldown.config.ts:186

        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31c5bc65c2871dc9 — Filesystem access.

repo/packages/vite/rolldown.config.ts:190

        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #191ffb9b1872a410 — Filesystem access.

repo/packages/vite/rolldown.dts.config.ts:23

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee6876d5e534ecf8 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:17

      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c9b5a0df75fde24 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:108

      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20d8f3b5893b3749 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:110

        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10034da0c70a3920 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1173

  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #85905280faa77a41 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1174

  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a46ed12db4d0056 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1179

    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d727f706e8086d9 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1209

    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec87d65ce9773ad4 — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1386

      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d596bf97e5e929cc — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1390

      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e48dd07368771d18 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1599

    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b56f50c8b0964b6d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1603

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a38ec43852bccc42 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1613

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9c29832104a44db8 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1628

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ebf71956113ff1d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1643

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #281ab778b731a0d0 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1654

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bef76b405f924c3f — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1668

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b7902f97ab26c70 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1680

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cb669d7f8b6e9cc — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:54

    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8df3bbdbfaff3a1c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:58

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bae8a5d7dfbd694a — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:59

    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61a76f16e7a34302 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:61

    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5da73837ec857e1 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:62

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b78bbe76a08467ba — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:66

    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1271d8b879e8770f — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:68

    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0046b17804880fb8 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:72

    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1b4b75fbfecc5ab — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25

    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b55e2556f9019a3 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37

        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fb3b8d17901a2637 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a333a7b1b5d066a0 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1225a8594923656e — Environment-variable access.

repo/packages/vite/src/node/build.ts:1091

  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c76f51710404af4 — Filesystem access.

repo/packages/vite/src/node/cli.ts:79

        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc35a92d1ccc8f71 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1422

  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bf5dfa2ac98ae7f — Environment-variable access.

repo/packages/vite/src/node/config.ts:1425

      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3e2b4b06f1c791d — Environment-variable access.

repo/packages/vite/src/node/config.ts:1428

  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a33bcbb48e66786d — Environment-variable access.

repo/packages/vite/src/node/config.ts:1434

    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #413b69dcfa5161da — Environment-variable access.

repo/packages/vite/src/node/config.ts:1730

  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3d1ae0f3be8f0f4 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1733

      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff04c14550e70034 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1744

  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6f0ea6b3e3eee89 — Filesystem access.

repo/packages/vite/src/node/config.ts:2656

    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #192c73f163c9d046 — Filesystem access.

repo/packages/vite/src/node/constants.ts:7

  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699f0863a86db216 — Filesystem access.

repo/packages/vite/src/node/env.ts:59

      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2743836f3e3ff94f — Environment-variable access.

repo/packages/vite/src/node/env.ts:67

  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9f5d6fea3267fa7 — Environment-variable access.

repo/packages/vite/src/node/env.ts:68

    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ba67b736b1692af — Environment-variable access.

repo/packages/vite/src/node/env.ts:71

  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad6cf6c8fdf3caf1 — Environment-variable access.

repo/packages/vite/src/node/env.ts:72

    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b81f160631029b2 — Environment-variable access.

repo/packages/vite/src/node/env.ts:74

  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb28f378696f1058 — Environment-variable access.

repo/packages/vite/src/node/env.ts:75

    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #544615b462e5008e — Environment-variable access.

repo/packages/vite/src/node/env.ts:100

      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c5ff3dab47bd87c — Filesystem access.

repo/packages/vite/src/node/http.ts:162

    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3b482658a46fd4d — Environment-variable access.

repo/packages/vite/src/node/logger.ts:84

    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #932d0542b3149721 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:414

        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae78dda96e871b0a — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:540

  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bef4a04903f38f99 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:595

      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94b75f6c17c50139 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:817

      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3336adb9cab6fd3 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1161

  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88e40141e2dddb8b — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1280

  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e80e578db6b36b7 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1292

        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #050eac9ec24833e1 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1331

  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84a0931d04f76194 — Filesystem access.

repo/packages/vite/src/node/optimizer/scan.ts:440

    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bf95431b417df3e — Filesystem access.

repo/packages/vite/src/node/packages.ts:179

  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7369edfb91ac840 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:210

              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38a2eb52fe08e504 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:344

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ee031d0f5bf556 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:353

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36f636caf19f4380 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:452

  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39088b3037059dc4 — Environment-variable access.

repo/packages/vite/src/node/plugins/clientInjections.ts:55

          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc93bc51b7557080 — Filesystem access.

repo/packages/vite/src/node/plugins/clientInjections.ts:147

  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e15f9ebc6afbf20 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:1586

          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed17a6f199805465 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2581

            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20f4fc7cb0107ac8 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2728

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49d66c317f0d8da2 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2858

                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #938aa05086ec5146 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3245

              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f4a19a06ae2750b — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3336

        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a8bd6ea4886146b — Environment-variable access.

repo/packages/vite/src/node/plugins/define.ts:19

    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84af5ff8049b0659 — Filesystem access.

repo/packages/vite/src/node/plugins/forwardConsole.ts:138

      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74a8000ef96bcf82 — Filesystem access.

repo/packages/vite/src/node/plugins/license.ts:83

            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f16d8718eba51f4f — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:89

            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b12ab37a054e35e6 — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:90

            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd4dfe97a6c8f590 — Environment-variable access.

repo/packages/vite/src/node/plugins/reporter.ts:9

    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd8b944c5e694d4b — Filesystem access.

repo/packages/vite/src/node/plugins/wasm.ts:192

    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9c17511e9bc4178 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1137

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f05c86c8b92dcbd2 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1149

    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6486703872adc53 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:934

  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d17eb474be8c276 — Filesystem access.

repo/packages/vite/src/node/server/index.ts:1275

    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3defe1091e0f4ce5 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1316

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #955be8616e0a84da — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1320

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3758664f254f1f9 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9

const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f26148d5689e433 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68

    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e06a51564426f87d — Filesystem access.

repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540

          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c11e12ea605d19b — Filesystem access.

repo/packages/vite/src/node/server/middlewares/transform.ts:170

              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb83a561b5924595 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:31

  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0150fd49add75aba — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:35

    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af9eae63ff037b68 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:36

      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1d50d0722649d0c — Environment-variable access.

repo/packages/vite/src/node/server/pluginContainer.ts:111

  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5da21a479855001f — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:961

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0834535704e99c76 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:1000

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b32eb1d67ad71016 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:31

    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5db36290bb2e2f2a — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:46

      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed1fdb3835dcccd5 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:112

          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #feac8d4c4f9e0061 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:241

    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adc9309209ff4926 — Filesystem access.

repo/packages/vite/src/node/server/transformRequest.ts:284

        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #882427e2da5b15da — Filesystem access.

repo/packages/vite/src/node/server/warmup.ts:34

        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f053369be0a2afd4 — Environment-variable access.

repo/packages/vite/src/node/shortcuts.ts:36

  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #424e4ecabd2c0344 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233

  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96f444b0b5a281fc — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3803359456d64b4f — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caeeb6143160277e — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3

export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9e902e59792718c — Environment-variable access.

repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137

  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35874b8924ea67bd — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114

      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #827e58f8b4a6c875 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121

      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b4695035f96b802 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123

      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0e97d96e70c0d6b — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66

      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82cacd5eb0462282 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:176

const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f8a8135b4f983d2 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:178

const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81738ce6c54286d7 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1246

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a4642915b281aff — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1351

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55771e42e00e6536 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1708

    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08cef28ff43d9e71 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1833

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea377af256a04471 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1846

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aabfcf0115ce3ae6 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a62a25225d4a4987 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21065a8ba3fe3646 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6161c83054fcca75 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4f6deae7b2fd9ff — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9fbfb0365b9ed3f — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72d8b04f0519da8d — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b21052a030e6cc99 — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cfb316db3ba2b50 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16a45b57fbb8edcb — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08bde4142237e8cd — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82ac5e7f562bcb95 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8bb13ffc93a007af — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9626a73818cefa34 — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15669093db3d6698 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb02e7c960bf34b4 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #20d27b43d411fab6 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01434a682a4e3c45 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f328ff1482dfb4a — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23a72c0e84256948 — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc7cfc70c5a533fc — Filesystem access.

repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144

    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76fa7fd3c9491692 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #378b9e542f5f2278 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8962509e14eb3311 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f82b5d2e1ee65840 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00844ecf1f439c13 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d245aae14cc4e556 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34495a8659db7f42 — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc95b38e6094e67a — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2352761526aa2d1 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57295437205087cb — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d7f878cce1b5e4c — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9c4afddc2d8685c1 — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b9d00e05de73170 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34c4e4f1d9da3cbb — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ce3ff8d270ee56a — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6509c570e467fab9 — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c736196134513e9b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af44379fd20987ba — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9282f5f25b6e1e4c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88660a31a31fedd1 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3ccaa24570946c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d9c58cfb0d39e26 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02beedeeacb3e25c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d09d013600f27c52 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d14b9d2a522214b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d30e0343c0dc22bc — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ee9699296170301 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c696d625d2c2ae0c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68b9f6a8a39da1e5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41c9fe14d5f46db3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4540de63c0058d8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #904549ed735c2ae8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce01205f10048141 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba4e3000570f0deb — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1184ddb0fc8b1cec — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e89b0b6b1a994e0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1c5e6fa8615b7b9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8220a8412bbb34a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdaf784de51f03d2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ada04bfbb43c6564 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efea0b1f69fe5b38 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d75cdbc9bcf270a0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f332b8e4a691407 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f7b635f93820191 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db9ea4ed4368662d — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f16f789719fabda9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4b406560c6816b0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12a1a78adda02fe2 — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4f657dae471bdf8 — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daa22528d3dcbd9e — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85047b160b4afa95 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fca1f75372db6521 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fade9a0cb51a4ef — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #867c442a6fd70d43 — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2da8d4c9eb1cdaaa — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9973985fc8a860 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba7b16389d5c4f1 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34fc2117cff4840 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e10909b17b2eb3a4 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddd48949dce579fc — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46772dbb7e708ba9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1688fc136dbf83c — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2716addcf9cc0b59 — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #706383ccdd3da3ba — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aad4b27e6e1ec71b — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c04bcbb05e9d68c — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7d23f164fe6f9b1 — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #764e3254daa8f4bd — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86420104202c3ae2 — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d90d5470cb0321d5 — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc92e0a22148926f — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #237a058a7134ec7d — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19ea21c7ce5b5396 — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36bb23cc14d97454 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a514b013ea5f12d1 — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adaf2f11f5d80379 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a96aa139b1556f8b — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #057460920aea1e53 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #331ec6b3530fc48e — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a6cbd666ba1b4d8 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #507a5ad8077270ff — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2311c7b8e62c8045 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f58b3112b1d141c0 — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8058711b646bca5b — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #294de6bba2b39d97 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8a3709acd72ea8a — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56b5f3ea5aff1ed3 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b22ba3139e552b6 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #711eababfd4ec31a — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15268110f8df3991 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7646825e2e7aacba — Filesystem access.

repo/playground/test-utils.ts:164

  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4606bb538bb075e — Filesystem access.

repo/playground/test-utils.ts:190

  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #219bc2623376eb1c — Filesystem access.

repo/playground/test-utils.ts:194

  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85e90ce49b1a8329 — Filesystem access.

repo/playground/test-utils.ts:200

  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d100e38bcc1003d7 — Filesystem access.

repo/playground/test-utils.ts:233

            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07d9ccc93c07652f — Filesystem access.

repo/playground/test-utils.ts:240

      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #493d7bcc96fc9be7 — Filesystem access.

repo/playground/test-utils.ts:247

    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #486e0c4012bf7d4e — Filesystem access.

repo/playground/test-utils.ts:259

    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6d3d767fdf6ba31 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32179b790c681d09 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dcbb10afb7682076 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc3a655319e6ef5a — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a09c82ec97bf436 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6631c5bdb5437177 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:13

    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55979d2958eb06a4 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:14

    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97afd2daa5697cf3 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:68

  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6b32dcb8e84b7c7 — Environment-variable access.

repo/playground/vitestSetup.ts:66

export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cad6fd8d377516ed — Environment-variable access.

repo/playground/vitestSetup.ts:157

        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25591bb3c426ec54 — Environment-variable access.

repo/playground/vitestSetup.ts:279

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45a14dbba386b19f — Environment-variable access.

repo/playground/vitestSetup.ts:288

    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dafb334fdf178a7f — Environment-variable access.

repo/playground/vitestSetup.ts:324

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18e4dc075b46803d — Environment-variable access.

repo/playground/vitestSetup.ts:327

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f51028223cebad63 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5e4294c15a51704 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2741f3203f5d93cf — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79a2f74477aac1d2 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c908f8be2bd3a749 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5747e374c594952c — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3b3624744ae803d — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6758d1ef3b0c4c4 — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5c8cc16f944b6ee — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #366e87fcfa3d65cf — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dabb2cabd17b0599 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #939c208152c2de8b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd0a1cb3b8387955 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1763470b5d484e32 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #948e4583e886666b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b5f18c6efd735f1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5dd1e82bfdedb06 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69ecf8ba9edadd46 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56df512b8460c08e — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3160ff58c2522424 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e496340f60e6eba — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41ac683c1460f37c — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01cca232c5d00d03 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1616d7f4f44c7d15 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #590905692b41203e — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bda5dd5af68ccb77 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b57a26b776ded91 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100f66377b512b31 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a07c6372a200b0a9 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a3d27db16f4a79 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e61f52d1de91550 — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15f4e0c8c929a63b — Filesystem access.

repo/scripts/mergeChangelog.ts:188

const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1a2a0d15e13f66d — Filesystem access.

repo/scripts/mergeChangelog.ts:212

await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4697640930a07e2d — Filesystem access.

repo/scripts/releaseUtils.ts:19

    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d1adb20c824ed29 — Filesystem access.

repo/scripts/releaseUtils.ts:55

    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #756940ba748e93b2 — Filesystem access.

repo/scripts/releaseUtils.ts:66

    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f7215e935a2f7b — Filesystem access.

repo/scripts/releaseUtils.ts:68

    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca3a958d2ea6088 — Environment-variable access.

repo/vitest.config.e2e.ts:4

const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9b4ba3ec56cbe4a — Environment-variable access.

repo/vitest.config.e2e.ts:6

const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3a8da1af7a9013d — Environment-variable access.

repo/vitest.config.e2e.ts:36

        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #379fe2a3eb51c7b9 — Environment-variable access.

repo/vitest.config.e2e.ts:40

      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party

expand_more 18 low-confidence finding(s)

low env_fs test-only #e30e1fb5dda767c4 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:32

  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #189d5382b3365a2a — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:179

  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98cd9751acd83348 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:183

  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e1929424d495f34 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:187

  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6d73a54f85e9f9d — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:205

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #774334f0dd1b9e6c — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:210

  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65eb8a399dfa2912 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:224

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be25eb4cc9358b05 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:288

  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce392157023e13c5 — Environment-variable access.

repo/packages/create-vite/src/index.ts:415

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a921d284fc8f93e — Environment-variable access.

repo/packages/create-vite/src/index.ts:429

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51dfa4c0ee6cb970 — Environment-variable access.

repo/packages/create-vite/src/index.ts:466

  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c079f936a6470010 — Filesystem access.

repo/packages/create-vite/src/index.ts:676

      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c89ec2e729edde7a — Filesystem access.

repo/packages/create-vite/src/index.ts:679

      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43fc92fdd2d154dd — Filesystem access.

repo/packages/create-vite/src/index.ts:684

      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd4b1e39f2bd2288 — Filesystem access.

repo/packages/create-vite/src/index.ts:696

    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f3917b2ff2979c6 — Filesystem access.

repo/packages/create-vite/src/index.ts:914

  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1addfdeb4c7ab527 — Filesystem access.

repo/packages/create-vite/src/index.ts:1043

  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fb39dcfa31608e1 — Filesystem access.

repo/packages/create-vite/src/index.ts:1044

  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #5241123921175a2a — Filesystem access.

repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7

  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fd5a4198c2fef00 — Environment-variable access.

repo/packages/plugin-legacy/src/index.ts:163

  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party

expand_more 127 low-confidence finding(s)

low env_fs production #c0f2f6dc7032dec8 — Environment-variable access.

repo/packages/vite/bin/vite.js:6

  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #017163ae1558fe9e — Environment-variable access.

repo/packages/vite/bin/vite.js:36

  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #316e77f34fdc718b — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93487d6cd4a75c1a — Environment-variable access.

repo/packages/vite/bin/vite.js:43

      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd091cdf762ef8d8 — Filesystem access.

repo/packages/vite/rolldown.config.ts:12

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7108618455d1bf92 — Environment-variable access.

repo/packages/vite/rolldown.config.ts:14

const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eec605f9c4802df6 — Filesystem access.

repo/packages/vite/rolldown.config.ts:186

        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31c5bc65c2871dc9 — Filesystem access.

repo/packages/vite/rolldown.config.ts:190

        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #191ffb9b1872a410 — Filesystem access.

repo/packages/vite/rolldown.dts.config.ts:23

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee6876d5e534ecf8 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:17

      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c9b5a0df75fde24 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:108

      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20d8f3b5893b3749 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:110

        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10034da0c70a3920 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1173

  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #85905280faa77a41 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1174

  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a46ed12db4d0056 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1179

    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d727f706e8086d9 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1209

    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec87d65ce9773ad4 — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1386

      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d596bf97e5e929cc — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1390

      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e48dd07368771d18 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1599

    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b56f50c8b0964b6d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1603

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a38ec43852bccc42 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1613

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9c29832104a44db8 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1628

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ebf71956113ff1d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1643

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #281ab778b731a0d0 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1654

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bef76b405f924c3f — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1668

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b7902f97ab26c70 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1680

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cb669d7f8b6e9cc — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:54

    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8df3bbdbfaff3a1c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:58

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bae8a5d7dfbd694a — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:59

    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61a76f16e7a34302 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:61

    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5da73837ec857e1 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:62

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b78bbe76a08467ba — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:66

    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1271d8b879e8770f — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:68

    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0046b17804880fb8 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:72

    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1b4b75fbfecc5ab — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25

    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b55e2556f9019a3 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37

        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fb3b8d17901a2637 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a333a7b1b5d066a0 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1225a8594923656e — Environment-variable access.

repo/packages/vite/src/node/build.ts:1091

  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c76f51710404af4 — Filesystem access.

repo/packages/vite/src/node/cli.ts:79

        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc35a92d1ccc8f71 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1422

  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bf5dfa2ac98ae7f — Environment-variable access.

repo/packages/vite/src/node/config.ts:1425

      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3e2b4b06f1c791d — Environment-variable access.

repo/packages/vite/src/node/config.ts:1428

  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a33bcbb48e66786d — Environment-variable access.

repo/packages/vite/src/node/config.ts:1434

    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #413b69dcfa5161da — Environment-variable access.

repo/packages/vite/src/node/config.ts:1730

  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3d1ae0f3be8f0f4 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1733

      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff04c14550e70034 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1744

  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6f0ea6b3e3eee89 — Filesystem access.

repo/packages/vite/src/node/config.ts:2656

    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #192c73f163c9d046 — Filesystem access.

repo/packages/vite/src/node/constants.ts:7

  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699f0863a86db216 — Filesystem access.

repo/packages/vite/src/node/env.ts:59

      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2743836f3e3ff94f — Environment-variable access.

repo/packages/vite/src/node/env.ts:67

  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9f5d6fea3267fa7 — Environment-variable access.

repo/packages/vite/src/node/env.ts:68

    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ba67b736b1692af — Environment-variable access.

repo/packages/vite/src/node/env.ts:71

  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad6cf6c8fdf3caf1 — Environment-variable access.

repo/packages/vite/src/node/env.ts:72

    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b81f160631029b2 — Environment-variable access.

repo/packages/vite/src/node/env.ts:74

  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb28f378696f1058 — Environment-variable access.

repo/packages/vite/src/node/env.ts:75

    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #544615b462e5008e — Environment-variable access.

repo/packages/vite/src/node/env.ts:100

      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c5ff3dab47bd87c — Filesystem access.

repo/packages/vite/src/node/http.ts:162

    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3b482658a46fd4d — Environment-variable access.

repo/packages/vite/src/node/logger.ts:84

    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #932d0542b3149721 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:414

        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae78dda96e871b0a — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:540

  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bef4a04903f38f99 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:595

      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94b75f6c17c50139 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:817

      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3336adb9cab6fd3 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1161

  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88e40141e2dddb8b — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1280

  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e80e578db6b36b7 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1292

        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #050eac9ec24833e1 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1331

  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84a0931d04f76194 — Filesystem access.

repo/packages/vite/src/node/optimizer/scan.ts:440

    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bf95431b417df3e — Filesystem access.

repo/packages/vite/src/node/packages.ts:179

  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7369edfb91ac840 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:210

              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38a2eb52fe08e504 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:344

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ee031d0f5bf556 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:353

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36f636caf19f4380 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:452

  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39088b3037059dc4 — Environment-variable access.

repo/packages/vite/src/node/plugins/clientInjections.ts:55

          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc93bc51b7557080 — Filesystem access.

repo/packages/vite/src/node/plugins/clientInjections.ts:147

  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e15f9ebc6afbf20 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:1586

          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed17a6f199805465 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2581

            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20f4fc7cb0107ac8 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2728

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49d66c317f0d8da2 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2858

                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #938aa05086ec5146 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3245

              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f4a19a06ae2750b — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3336

        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a8bd6ea4886146b — Environment-variable access.

repo/packages/vite/src/node/plugins/define.ts:19

    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84af5ff8049b0659 — Filesystem access.

repo/packages/vite/src/node/plugins/forwardConsole.ts:138

      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74a8000ef96bcf82 — Filesystem access.

repo/packages/vite/src/node/plugins/license.ts:83

            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f16d8718eba51f4f — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:89

            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b12ab37a054e35e6 — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:90

            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd4dfe97a6c8f590 — Environment-variable access.

repo/packages/vite/src/node/plugins/reporter.ts:9

    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd8b944c5e694d4b — Filesystem access.

repo/packages/vite/src/node/plugins/wasm.ts:192

    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9c17511e9bc4178 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1137

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f05c86c8b92dcbd2 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1149

    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6486703872adc53 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:934

  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d17eb474be8c276 — Filesystem access.

repo/packages/vite/src/node/server/index.ts:1275

    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3defe1091e0f4ce5 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1316

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #955be8616e0a84da — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1320

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3758664f254f1f9 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9

const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f26148d5689e433 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68

    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e06a51564426f87d — Filesystem access.

repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540

          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c11e12ea605d19b — Filesystem access.

repo/packages/vite/src/node/server/middlewares/transform.ts:170

              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb83a561b5924595 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:31

  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0150fd49add75aba — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:35

    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af9eae63ff037b68 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:36

      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1d50d0722649d0c — Environment-variable access.

repo/packages/vite/src/node/server/pluginContainer.ts:111

  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5da21a479855001f — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:961

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0834535704e99c76 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:1000

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b32eb1d67ad71016 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:31

    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5db36290bb2e2f2a — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:46

      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed1fdb3835dcccd5 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:112

          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #feac8d4c4f9e0061 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:241

    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adc9309209ff4926 — Filesystem access.

repo/packages/vite/src/node/server/transformRequest.ts:284

        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #882427e2da5b15da — Filesystem access.

repo/packages/vite/src/node/server/warmup.ts:34

        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f053369be0a2afd4 — Environment-variable access.

repo/packages/vite/src/node/shortcuts.ts:36

  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #424e4ecabd2c0344 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233

  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96f444b0b5a281fc — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3803359456d64b4f — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caeeb6143160277e — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3

export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9e902e59792718c — Environment-variable access.

repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137

  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35874b8924ea67bd — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114

      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #827e58f8b4a6c875 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121

      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b4695035f96b802 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123

      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0e97d96e70c0d6b — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66

      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82cacd5eb0462282 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:176

const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f8a8135b4f983d2 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:178

const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81738ce6c54286d7 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1246

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a4642915b281aff — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1351

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55771e42e00e6536 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1708

    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08cef28ff43d9e71 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1833

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea377af256a04471 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1846

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party

expand_more 164 low-confidence finding(s)

low env_fs test-only #aabfcf0115ce3ae6 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a62a25225d4a4987 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21065a8ba3fe3646 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6161c83054fcca75 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4f6deae7b2fd9ff — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9fbfb0365b9ed3f — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72d8b04f0519da8d — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b21052a030e6cc99 — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cfb316db3ba2b50 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16a45b57fbb8edcb — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08bde4142237e8cd — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82ac5e7f562bcb95 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8bb13ffc93a007af — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9626a73818cefa34 — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15669093db3d6698 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb02e7c960bf34b4 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #20d27b43d411fab6 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01434a682a4e3c45 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f328ff1482dfb4a — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23a72c0e84256948 — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc7cfc70c5a533fc — Filesystem access.

repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144

    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76fa7fd3c9491692 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #378b9e542f5f2278 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8962509e14eb3311 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f82b5d2e1ee65840 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00844ecf1f439c13 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d245aae14cc4e556 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34495a8659db7f42 — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc95b38e6094e67a — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2352761526aa2d1 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57295437205087cb — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d7f878cce1b5e4c — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9c4afddc2d8685c1 — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b9d00e05de73170 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34c4e4f1d9da3cbb — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ce3ff8d270ee56a — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6509c570e467fab9 — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c736196134513e9b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af44379fd20987ba — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9282f5f25b6e1e4c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88660a31a31fedd1 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3ccaa24570946c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d9c58cfb0d39e26 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02beedeeacb3e25c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d09d013600f27c52 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d14b9d2a522214b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d30e0343c0dc22bc — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ee9699296170301 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c696d625d2c2ae0c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68b9f6a8a39da1e5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41c9fe14d5f46db3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4540de63c0058d8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #904549ed735c2ae8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce01205f10048141 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba4e3000570f0deb — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1184ddb0fc8b1cec — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e89b0b6b1a994e0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1c5e6fa8615b7b9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8220a8412bbb34a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdaf784de51f03d2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ada04bfbb43c6564 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efea0b1f69fe5b38 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d75cdbc9bcf270a0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f332b8e4a691407 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f7b635f93820191 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db9ea4ed4368662d — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f16f789719fabda9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4b406560c6816b0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12a1a78adda02fe2 — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4f657dae471bdf8 — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daa22528d3dcbd9e — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85047b160b4afa95 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fca1f75372db6521 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fade9a0cb51a4ef — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #867c442a6fd70d43 — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2da8d4c9eb1cdaaa — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9973985fc8a860 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba7b16389d5c4f1 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34fc2117cff4840 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e10909b17b2eb3a4 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddd48949dce579fc — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46772dbb7e708ba9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1688fc136dbf83c — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2716addcf9cc0b59 — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #706383ccdd3da3ba — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aad4b27e6e1ec71b — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c04bcbb05e9d68c — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7d23f164fe6f9b1 — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #764e3254daa8f4bd — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86420104202c3ae2 — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d90d5470cb0321d5 — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc92e0a22148926f — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #237a058a7134ec7d — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19ea21c7ce5b5396 — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36bb23cc14d97454 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a514b013ea5f12d1 — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adaf2f11f5d80379 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a96aa139b1556f8b — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #057460920aea1e53 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #331ec6b3530fc48e — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a6cbd666ba1b4d8 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #507a5ad8077270ff — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2311c7b8e62c8045 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f58b3112b1d141c0 — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8058711b646bca5b — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #294de6bba2b39d97 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8a3709acd72ea8a — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56b5f3ea5aff1ed3 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b22ba3139e552b6 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #711eababfd4ec31a — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15268110f8df3991 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7646825e2e7aacba — Filesystem access.

repo/playground/test-utils.ts:164

  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4606bb538bb075e — Filesystem access.

repo/playground/test-utils.ts:190

  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #219bc2623376eb1c — Filesystem access.

repo/playground/test-utils.ts:194

  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85e90ce49b1a8329 — Filesystem access.

repo/playground/test-utils.ts:200

  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d100e38bcc1003d7 — Filesystem access.

repo/playground/test-utils.ts:233

            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07d9ccc93c07652f — Filesystem access.

repo/playground/test-utils.ts:240

      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #493d7bcc96fc9be7 — Filesystem access.

repo/playground/test-utils.ts:247

    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #486e0c4012bf7d4e — Filesystem access.

repo/playground/test-utils.ts:259

    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6d3d767fdf6ba31 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32179b790c681d09 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dcbb10afb7682076 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc3a655319e6ef5a — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a09c82ec97bf436 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6631c5bdb5437177 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:13

    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55979d2958eb06a4 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:14

    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97afd2daa5697cf3 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:68

  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6b32dcb8e84b7c7 — Environment-variable access.

repo/playground/vitestSetup.ts:66

export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cad6fd8d377516ed — Environment-variable access.

repo/playground/vitestSetup.ts:157

        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25591bb3c426ec54 — Environment-variable access.

repo/playground/vitestSetup.ts:279

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45a14dbba386b19f — Environment-variable access.

repo/playground/vitestSetup.ts:288

    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dafb334fdf178a7f — Environment-variable access.

repo/playground/vitestSetup.ts:324

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18e4dc075b46803d — Environment-variable access.

repo/playground/vitestSetup.ts:327

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f51028223cebad63 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5e4294c15a51704 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2741f3203f5d93cf — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79a2f74477aac1d2 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c908f8be2bd3a749 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5747e374c594952c — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3b3624744ae803d — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6758d1ef3b0c4c4 — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5c8cc16f944b6ee — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #366e87fcfa3d65cf — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dabb2cabd17b0599 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #939c208152c2de8b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd0a1cb3b8387955 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1763470b5d484e32 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #948e4583e886666b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b5f18c6efd735f1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5dd1e82bfdedb06 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69ecf8ba9edadd46 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56df512b8460c08e — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3160ff58c2522424 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e496340f60e6eba — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41ac683c1460f37c — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01cca232c5d00d03 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1616d7f4f44c7d15 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #590905692b41203e — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bda5dd5af68ccb77 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b57a26b776ded91 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100f66377b512b31 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a07c6372a200b0a9 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a3d27db16f4a79 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e61f52d1de91550 — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party

expand_more 5 low-confidence finding(s)

low env_fs test-only #aabfcf0115ce3ae6 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a62a25225d4a4987 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21065a8ba3fe3646 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6161c83054fcca75 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4f6deae7b2fd9ff — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #a9fbfb0365b9ed3f — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #6cfb316db3ba2b50 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16a45b57fbb8edcb — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #72d8b04f0519da8d — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b21052a030e6cc99 — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #08bde4142237e8cd — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82ac5e7f562bcb95 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8bb13ffc93a007af — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9626a73818cefa34 — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #15669093db3d6698 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb02e7c960bf34b4 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #20d27b43d411fab6 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01434a682a4e3c45 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #4f328ff1482dfb4a — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #23a72c0e84256948 — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs test-only #00844ecf1f439c13 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d245aae14cc4e556 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34495a8659db7f42 — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-full-bundle-mode

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #dc7cfc70c5a533fc — Filesystem access.

repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144

    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #76fa7fd3c9491692 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #378b9e542f5f2278 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8962509e14eb3311 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f82b5d2e1ee65840 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs test-only #dc95b38e6094e67a — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2352761526aa2d1 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57295437205087cb — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #6d7f878cce1b5e4c — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party

expand_more 5 low-confidence finding(s)

low env_fs test-only #9c4afddc2d8685c1 — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b9d00e05de73170 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34c4e4f1d9da3cbb — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ce3ff8d270ee56a — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6509c570e467fab9 — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party

expand_more 35 low-confidence finding(s)

low env_fs test-only #c736196134513e9b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af44379fd20987ba — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9282f5f25b6e1e4c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88660a31a31fedd1 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3ccaa24570946c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d9c58cfb0d39e26 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02beedeeacb3e25c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d09d013600f27c52 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d14b9d2a522214b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d30e0343c0dc22bc — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ee9699296170301 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c696d625d2c2ae0c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68b9f6a8a39da1e5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41c9fe14d5f46db3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4540de63c0058d8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #904549ed735c2ae8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce01205f10048141 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba4e3000570f0deb — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1184ddb0fc8b1cec — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e89b0b6b1a994e0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1c5e6fa8615b7b9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8220a8412bbb34a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdaf784de51f03d2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ada04bfbb43c6564 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efea0b1f69fe5b38 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d75cdbc9bcf270a0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f332b8e4a691407 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f7b635f93820191 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db9ea4ed4368662d — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f16f789719fabda9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4b406560c6816b0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12a1a78adda02fe2 — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4f657dae471bdf8 — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daa22528d3dcbd9e — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85047b160b4afa95 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #fca1f75372db6521 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fade9a0cb51a4ef — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party

expand_more 9 low-confidence finding(s)

low env_fs production #2da8d4c9eb1cdaaa — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9973985fc8a860 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba7b16389d5c4f1 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34fc2117cff4840 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e10909b17b2eb3a4 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddd48949dce579fc — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46772dbb7e708ba9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1688fc136dbf83c — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2716addcf9cc0b59 — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #867c442a6fd70d43 — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #2da8d4c9eb1cdaaa — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #dc9973985fc8a860 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #1ba7b16389d5c4f1 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #a34fc2117cff4840 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e10909b17b2eb3a4 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs production #ddd48949dce579fc — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46772dbb7e708ba9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1688fc136dbf83c — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #706383ccdd3da3ba — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aad4b27e6e1ec71b — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #711eababfd4ec31a — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15268110f8df3991 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #6c04bcbb05e9d68c — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #b7d23f164fe6f9b1 — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #764e3254daa8f4bd — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86420104202c3ae2 — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d90d5470cb0321d5 — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #bc92e0a22148926f — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #237a058a7134ec7d — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19ea21c7ce5b5396 — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36bb23cc14d97454 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #a514b013ea5f12d1 — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adaf2f11f5d80379 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a96aa139b1556f8b — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #057460920aea1e53 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #331ec6b3530fc48e — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a6cbd666ba1b4d8 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #507a5ad8077270ff — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2311c7b8e62c8045 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #f58b3112b1d141c0 — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #8058711b646bca5b — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #294de6bba2b39d97 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #f8a3709acd72ea8a — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56b5f3ea5aff1ed3 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #3b22ba3139e552b6 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #32179b790c681d09 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dcbb10afb7682076 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc3a655319e6ef5a — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a09c82ec97bf436 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #b6d3d767fdf6ba31 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party

expand_more 31 low-confidence finding(s)

low env_fs test-only #f51028223cebad63 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5e4294c15a51704 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2741f3203f5d93cf — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79a2f74477aac1d2 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c908f8be2bd3a749 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5747e374c594952c — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3b3624744ae803d — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6758d1ef3b0c4c4 — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5c8cc16f944b6ee — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #366e87fcfa3d65cf — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dabb2cabd17b0599 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #939c208152c2de8b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd0a1cb3b8387955 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1763470b5d484e32 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #948e4583e886666b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b5f18c6efd735f1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5dd1e82bfdedb06 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69ecf8ba9edadd46 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56df512b8460c08e — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3160ff58c2522424 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e496340f60e6eba — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41ac683c1460f37c — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01cca232c5d00d03 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1616d7f4f44c7d15 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #590905692b41203e — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bda5dd5af68ccb77 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b57a26b776ded91 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100f66377b512b31 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a07c6372a200b0a9 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a3d27db16f4a79 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e61f52d1de91550 — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

first-party (npm): playground/nested-deps/test-package-a prod — scan budget exceeded
first-party (npm): playground/nested-deps/self-referencing prod — scan budget exceeded
first-party (npm): playground/nested-deps/test-package-e/test-package-e-included prod — scan budget exceeded
first-party (npm): playground/nested-deps/test-package-e/test-package-e-excluded prod — scan budget exceeded
first-party (npm): playground/nested-deps/test-package-b/node_modules/test-package-a prod — scan budget exceeded
first-party (npm): playground/nested-deps/test-package-d/test-package-d-nested prod — scan budget exceeded
first-party (npm): playground/js-sourcemap/dep-optimized-malicious prod — scan budget exceeded
first-party (npm): playground/js-sourcemap/dep-class-field-sourcemap-oxc prod — scan budget exceeded
first-party (npm): playground/js-sourcemap/dep-class-field-sourcemap-babel prod — scan budget exceeded
first-party (npm): playground/js-sourcemap/dep-malicious-sourcemap prod — scan budget exceeded
first-party (npm): playground/js-sourcemap/importee-pkg prod — scan budget exceeded
first-party (npm): playground/preserve-symlinks/module-a prod — scan budget exceeded
first-party (npm): playground/minify/dir/module prod — scan budget exceeded
first-party (npm): playground/ssr-deps/non-optimized-with-nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/primitive-export prod — scan budget exceeded
first-party (npm): playground/ssr-deps/nested-include prod — scan budget exceeded
first-party (npm): playground/ssr-deps/object-assigned-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/forwarded-export prod — scan budget exceeded
first-party (npm): playground/ssr-deps/nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/define-property-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/read-file-content prod — scan budget exceeded
first-party (npm): playground/ssr-deps/no-external-css prod — scan budget exceeded
first-party (npm): playground/ssr-deps/module-condition prod — scan budget exceeded
first-party (npm): playground/ssr-deps/import-builtin-cjs prod — scan budget exceeded
first-party (npm): playground/ssr-deps/pkg-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/define-properties-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/nested-external-cjs prod — scan budget exceeded
first-party (npm): playground/ssr-deps/css-lib prod — scan budget exceeded
first-party (npm): playground/ssr-deps/no-external-cjs prod — scan budget exceeded
first-party (npm): playground/ssr-deps/require-absolute prod — scan budget exceeded
first-party (npm): playground/ssr-deps/optimized-with-nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/linked-no-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/optimized-cjs-with-nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/external-entry prod — scan budget exceeded
first-party (npm): playground/ssr-deps/nested-exclude prod — scan budget exceeded
first-party (npm): playground/ssr-deps/external-using-external-entry prod — scan budget exceeded
first-party (npm): playground/ssr-deps/ts-transpiled-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/only-object-assigned-exports prod — scan budget exceeded
first-party (npm): playground/dynamic-import/pkg prod — scan budget exceeded
first-party (npm): playground/proxy-hmr/other-app prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__ prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-nested-license-isc prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-licence-cc0 prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-license-mit prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/sass-package-resolution/node_modules/sass-pkg-with-index prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/watch-rebuild-manifest prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/test-dep-conditions prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/cjs-ssr-dep prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/scan-subpath-import-glob prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/file-url prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/plugin-module-condition prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/siblings prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/import-meta prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/entry prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/glob-exports/node_modules/my-pkg prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/noname prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/parent prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/child prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/module prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/name prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/watcher prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
first-party (npm): docs prod — scan budget exceeded
lightningcss prod — scan budget exceeded
picomatch prod — scan budget exceeded
postcss prod — scan budget exceeded
tinyglobby prod — scan budget exceeded
@babel/core prod — scan budget exceeded
@babel/plugin-transform-dynamic-import prod — scan budget exceeded
@babel/plugin-transform-modules-systemjs prod — scan budget exceeded
@babel/preset-env prod — scan budget exceeded
babel-plugin-polyfill-corejs3 prod — scan budget exceeded
babel-plugin-polyfill-regenerator prod — scan budget exceeded
browserslist prod — scan budget exceeded
browserslist-to-esbuild prod — scan budget exceeded
core-js prod — scan budget exceeded
regenerator-runtime prod — scan budget exceeded
systemjs prod — scan budget exceeded
@tailwindcss/vite prod — scan budget exceeded
tailwindcss prod — scan budget exceeded
@vitejs/test-dep-no-discovery prod — scan budget exceeded
vue prod — scan budget exceeded
vuex prod — scan budget exceeded
clipboard prod — scan budget exceeded
@vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
@vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
@vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
@vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
@vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
@vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
@vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
@vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
@vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
@vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
@vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
@vitejs/test-dep-css-require prod — scan budget exceeded
@vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
@vitejs/test-dep-incompatible prod — scan budget exceeded
@vitejs/test-dep-linked prod — scan budget exceeded
@vitejs/test-dep-linked-include prod — scan budget exceeded
@vitejs/test-dep-node-env prod — scan budget exceeded
@vitejs/test-dep-not-js prod — scan budget exceeded
@vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
@vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
@vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
@vitejs/test-dep-relative-to-main prod — scan budget exceeded
@vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
@vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
@vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
@vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
@vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
@vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
@vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
@vitejs/test-dep-non-optimized prod — scan budget exceeded
@vitejs/test-added-in-entries prod — scan budget exceeded
@vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
@vitejs/test-dep-with-assets prod — scan budget exceeded
@vitejs/test-dep-lodash prod — scan budget exceeded
@vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
@vitejs/test-dep-lodash-es prod — scan budget exceeded
@vitejs/test-nested-exclude prod — scan budget exceeded
phoenix prod — scan budget exceeded
react prod — scan budget exceeded
react-dom prod — scan budget exceeded
@vitejs/test-resolve-linked prod — scan budget exceeded
@vitejs/test-alias-original prod — scan budget exceeded
aliased-module prod — scan budget exceeded
@vue/shared prod — scan budget exceeded
@vitejs/test-import-assertion-dep prod — scan budget exceeded
@vitejs/test-dep-that-imports prod — scan budget exceeded
@vitejs/test-dep-that-requires prod — scan budget exceeded
@vitejs/test-commonjs-dep prod — scan budget exceeded
@vitejs/test-deep-import prod — scan budget exceeded
@vitejs/test-entries prod — scan budget exceeded
@vitejs/test-module-sync prod — scan budget exceeded
@vitejs/test-resolve-pkg-exports prod — scan budget exceeded
@tailwindcss/postcss prod — scan budget exceeded
@vitejs/test-external-cjs prod — scan budget exceeded
@vitejs/test-require-external-cjs prod — scan budget exceeded
@vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
@vitejs/test-ssr-conditions-external prod — scan budget exceeded
@vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
autoprefixer prod — scan budget exceeded
@babel/runtime prod — scan budget exceeded
normalize.css prod — scan budget exceeded
@vitejs/test-resolve-browser-field prod — scan budget exceeded
@vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded

Development

@eslint/js dev — scan budget exceeded
@type-challenges/utils dev — scan budget exceeded
@types/babel__core dev — scan budget exceeded
@types/babel__preset-env dev — scan budget exceeded
@types/convert-source-map dev — scan budget exceeded
@types/cross-spawn dev — scan budget exceeded
@types/etag dev — scan budget exceeded
@types/less dev — scan budget exceeded
@types/node dev — scan budget exceeded
@types/picomatch dev — scan budget exceeded
@types/stylus dev — scan budget exceeded
@types/ws dev — scan budget exceeded
@vitejs/release-scripts dev — scan budget exceeded
eslint dev — scan budget exceeded
eslint-plugin-import-x dev — scan budget exceeded
eslint-plugin-n dev — scan budget exceeded
eslint-plugin-regexp dev — scan budget exceeded
execa dev — scan budget exceeded
globals dev — scan budget exceeded
lint-staged dev — scan budget exceeded
oxfmt dev — scan budget exceeded
picocolors dev — scan budget exceeded
playwright-chromium dev — scan budget exceeded
rolldown dev — scan budget exceeded
rollup dev — scan budget exceeded
simple-git-hooks dev — scan budget exceeded
tsx dev — scan budget exceeded
typescript dev — scan budget exceeded
typescript-eslint dev — scan budget exceeded
vite dev — scan budget exceeded
vitest dev — scan budget exceeded
@clack/prompts dev — scan budget exceeded
@vercel/detect-agent dev — scan budget exceeded
cross-spawn dev — scan budget exceeded
mri dev — scan budget exceeded
tsdown dev — scan budget exceeded
unrun dev — scan budget exceeded
@babel/parser dev — scan budget exceeded
@jridgewell/remapping dev — scan budget exceeded
@jridgewell/trace-mapping dev — scan budget exceeded
@polka/compression dev — scan budget exceeded
@rollup/plugin-alias dev — scan budget exceeded
@rollup/plugin-dynamic-import-vars dev — scan budget exceeded
@rollup/pluginutils dev — scan budget exceeded
@types/escape-html dev — scan budget exceeded
@types/pnpapi dev — scan budget exceeded
@vitejs/devtools dev — scan budget exceeded
@vitest/utils dev — scan budget exceeded
@voidzero-dev/vite-task-client dev — scan budget exceeded
artichokie dev — scan budget exceeded
baseline-browser-mapping dev — scan budget exceeded
cac dev — scan budget exceeded
chokidar dev — scan budget exceeded
connect dev — scan budget exceeded
convert-source-map dev — scan budget exceeded
cors dev — scan budget exceeded
dotenv-expand dev — scan budget exceeded
es-module-lexer dev — scan budget exceeded
esbuild dev — scan budget exceeded
escape-html dev — scan budget exceeded
estree-walker dev — scan budget exceeded
etag dev — scan budget exceeded
fresh-import dev — scan budget exceeded
host-validation-middleware dev — scan budget exceeded
http-proxy-3 dev — scan budget exceeded
launch-editor-middleware dev — scan budget exceeded
magic-string dev — scan budget exceeded
mlly dev — scan budget exceeded
mrmime dev — scan budget exceeded
nanoid dev — scan budget exceeded
obug dev — scan budget exceeded
open dev — scan budget exceeded
parse5 dev — scan budget exceeded
pathe dev — scan budget exceeded
periscopic dev — scan budget exceeded
postcss-import dev — scan budget exceeded
postcss-load-config dev — scan budget exceeded
postcss-modules dev — scan budget exceeded
premove dev — scan budget exceeded
resolve.exports dev — scan budget exceeded
rolldown-plugin-dts dev — scan budget exceeded
rollup-plugin-license dev — scan budget exceeded
sass dev — scan budget exceeded
sass-embedded dev — scan budget exceeded
sirv dev — scan budget exceeded
strip-literal dev — scan budget exceeded
terser dev — scan budget exceeded
ufo dev — scan budget exceeded
ws dev — scan budget exceeded
acorn dev — scan budget exceeded
css-color-names dev — scan budget exceeded
kill-port dev — scan budget exceeded
url dev — scan budget exceeded
express dev — scan budget exceeded
slash3 dev — scan budget exceeded
slash5 dev — scan budget exceeded
vue34 dev — scan budget exceeded
pug dev — scan budget exceeded
@types/react dev — scan budget exceeded
@types/react-dom dev — scan budget exceeded
react-fake-client dev — scan budget exceeded
react-fake-server dev — scan budget exceeded
@vitejs/test-css-dep dev — scan budget exceeded
@vitejs/test-css-dep-exports dev — scan budget exceeded
@vitejs/test-css-js-dep dev — scan budget exceeded
@vitejs/test-css-proxy-dep dev — scan budget exceeded
@vitejs/test-scss-proxy-dep dev — scan budget exceeded
less dev — scan budget exceeded
postcss-nested dev — scan budget exceeded
stylus dev — scan budget exceeded
sugarss dev — scan budget exceeded
@vitejs/test-json-require dev — scan budget exceeded
@vitejs/test-json-module dev — scan budget exceeded

verified_user No application data leak found

App Privacy Score

bar_chart Score Breakdown

list Scan Summary

swap_horiz External domains

</> First-Party Code

first-party (npm)

first-party (npm): packages/create-vite

first-party (npm): packages/plugin-legacy

first-party (npm): packages/vite

first-party (npm): playground

first-party (npm): playground/assets

first-party (npm): playground/csp

first-party (npm): playground/css

first-party (npm): playground/css-lightningcss-proxy

first-party (npm): playground/env

first-party (npm): playground/environment-react-ssr

first-party (npm): playground/external

first-party (npm): playground/fs-serve

first-party (npm): playground/hmr

first-party (npm): playground/hmr-full-bundle-mode

first-party (npm): playground/hmr-ssr

first-party (npm): playground/js-sourcemap

first-party (npm): playground/json

first-party (npm): playground/legacy

first-party (npm): playground/lib

first-party (npm): playground/minify

first-party (npm): playground/optimize-deps

first-party (npm): playground/optimize-deps-no-discovery

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

first-party (npm): playground/optimize-deps/dep-linked-include

first-party (npm): playground/optimize-deps/dep-node-env

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

first-party (npm): playground/optimize-missing-deps

first-party (npm): playground/ssr

first-party (npm): playground/ssr-alias

first-party (npm): playground/ssr-conditions

first-party (npm): playground/ssr-deps

first-party (npm): playground/ssr-html

first-party (npm): playground/ssr-noexternal

first-party (npm): playground/ssr-pug

first-party (npm): playground/ssr-resolve

first-party (npm): playground/ssr-wasm

first-party (npm): playground/ssr-webworker

first-party (npm): playground/tsconfig-json

first-party (npm): playground/tsconfig-json-load-error

first-party (npm): playground/worker

Skipped dependencies