Close Open Privacy Scan
App Privacy Score
Low risk · 36 finding(s)
Dependency score: 82 (Low risk)
bar_chart Score Breakdown
No category deductions recorded.
list Scan Summary
swap_horiz External domains
aistudio.google.comapi-inference.huggingface.coapi.anthropic.comapi.bitbucket.orgapi.cerebras.aiapi.cohere.comapi.deepseek.comapi.fireworks.aiapi.github.comapi.groq.comapi.hyperbolic.xyzapi.keygen.shapi.mistral.aiapi.moonshot.aiapi.netlify.comapi.openai.comapi.perplexity.aiapi.supabase.comapi.together.xyzapi.vercel.comapi.x.aiapi.z.aiapp.hyperbolic.xyzapp.netlify.comapp.supabase.comcdn.jsdelivr.netcdn.simpleicons.orgcircumicons.comcloud.cerebras.aiconsole.anthropic.comconsole.aws.amazon.comconsole.groq.comconsole.mistral.aicreativecommons.orgdashboard.cohere.comdate-fns.orgdeveloper.mozilla.orgdocs.python.orgdocs.x.aierikflowers.github.iofeathericons.comfireworks.aifontawesome.comfonts.google.comfonts.googleapis.comfonts.gstatic.comgame-icons.netgenerativelanguage.googleapis.comgithub.comgitlab.comgoogle.github.iohuggingface.coicons.radix-ui.comicons8.comionicons.comjson-schema.orglmstudio.ailocalai.iolucide.devmcp.deepwiki.commodelcontextprotocol.iomodels.github.aiocticons.github.comollama.comopen.bigmodel.cnopenrouter.aiopensource.orgplatform.deepseek.complatform.moonshot.aiplatform.openai.compypi.orgraw.githubusercontent.comreact-dnd.github.ioreact.devreactjs.orgs-ings.comscripts.sil.orgsimpleicons.orgsquidfunk.github.iostackblitz-labs.github.iostackblitz.comstuk.github.iosupabase.comsupport.bolt.newt.lythesabbir.github.iounpkg.comupload.wikimedia.orgvercel.comvorillaz.github.iowww.apache.orgwww.perplexity.aiwww.w3.orgyour-gitlab-instance.com
</> Dependencies
mkdocs-material
python dependencyexpand_more 36 low-confidence finding(s)
with open(file, encoding = "utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file, encoding = "utf-8-sig") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "w", encoding = "utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file.abs_src_path, encoding = "utf-8-sig") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
res = requests.get(url, allow_redirects = False)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
"env:$PYTHONPATH": os.getenv("PYTHONPATH", ""),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
"env:$VIRTUAL_ENV": os.getenv("VIRTUAL_ENV", ""),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(f"{example}.zip", "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(abs_src_path, encoding ="utf-8-sig") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(project_config_file, encoding="utf-8-sig") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file.abs_src_path, encoding = "utf-8-sig") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file, encoding = "utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file, "w", encoding = "utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file.abs_src_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(initiator.abs_src_path, encoding = "utf-8-sig") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
res = requests.get(
file.url,
headers = {
# Set user agent explicitly, so Google Fonts gives us
# *.woff2 files, which according to caniuse.com is the
# only format we need to download as it covers the range
# range of browsers we're officially supporting.
"User-Agent": " ".join(
[
"Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
"AppleWebKit/537.36 (KHTML, like Gecko)",
"Chrome/98.0.4758.102 Safari/537.36",
]
)
},
timeout=DEFAULT_TIMEOUT_IN_SECS,
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(initiator.abs_src_path, encoding = "utf-8-sig") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file, encoding = "utf-8-sig") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.manifest_file, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(background.image, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, encoding = "utf-8-sig") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, encoding = "utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
res = requests.get(url)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with requests.get(match) as res:
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(path, "w", encoding = "utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "r", encoding = "utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if is_mkdocs() and not os.getenv("NO_MKDOCS_2_WARNING"):
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["NO_MKDOCS_2_WARNING"] = "true"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- @codemirror/autocomplete prod — dist-only: no readable source
- @codemirror/commands prod — dist-only: no readable source
- @codemirror/lang-markdown prod — dist-only: no readable source
- @codemirror/language prod — dist-only: no readable source
- @codemirror/search prod — dist-only: no readable source
- @codemirror/view prod — dist-only: no readable source
- @codemirror/state prod — dist-only: no readable source
- @headlessui/react prod — dist-only: no readable source
- @radix-ui/react-tabs prod — dist-only: no readable source
- @radix-ui/react-tooltip prod — dist-only: no readable source
- @remix-run/cloudflare prod — dist-only: no readable source
- @remix-run/cloudflare-pages prod — dist-only: no readable source
- @remix-run/react prod — dist-only: no readable source
- @unocss/reset prod — no javascript source
- ai prod — dist-only: no readable source
- class-variance-authority prod — dist-only: no readable source
- framer-motion prod — dist-only: no readable source
- jose prod — dist-only: no readable source
- ollama-ai-provider prod — dist-only: no readable source
- react-chartjs-2 prod — dist-only: no readable source
- react-hotkeys-hook prod — dist-only: no readable source
- react-resizable-panels prod — dist-only: no readable source
- react-window prod — dist-only: no readable source
- shiki prod — dist-only: no readable source
- use-debounce prod — dist-only: no readable source