Close Open Privacy Scan

bolt Snapshot: commit fdefbcf
science engine v2
schedule 2026-07-07T08:15:40.332706+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

92 /100
Low privacy risk

Low risk · 824 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

egress −5
env_fs −3

list Scan Summary

0 high 0 medium 824 low
First-party packages: 44
Dependency packages: 0
Ecosystem: npm

swap_horiz External domains

sponsors.vite.dev

</> First-Party Code

first-party (npm)

npm first-party
expand_more 329 low-confidence finding(s)
low env_fs production #6e41711a4b7bfa9e Filesystem access.
repo/docs/.vitepress/buildEnd.config.ts:49
  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #750421c5d44a5cf3 Environment-variable access.
repo/docs/.vitepress/config.ts:26
const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4c175c2fa08b98f Environment-variable access.
repo/docs/.vitepress/config.ts:27
const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9a948be7c1ab4b2f Hardcoded external endpoint. Review what data is sent to this destination.
repo/docs/.vitepress/theme/composables/sponsor.ts:18
    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e5d6626468b0a6b7 Filesystem access.
repo/docs/_data/acknowledgements.data.ts:114
  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71f9e5a8c287515e Filesystem access.
repo/docs/_data/acknowledgements.data.ts:202
    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3d3398484f886d6 Environment-variable access.
repo/eslint.config.js:13
const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82b43dd627f5816a Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c2314d77b11a7a0 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c76c0ff95bc1522 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7e7ad719d7877ef Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ed02f1700a6a118 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f076eb29b50b0128 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6e7a58e6ce19103 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eaae935e0645b37b Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2da78a557e0c3fa1 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aec12ef4139e9d25 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81737e7db7daf231 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7208693d39a4876 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fb10af2bb7cf9c6 Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26cbb9805557cad3 Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1396d1d350bfd82 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27209152e28efd0d Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3215253fbec2eb2b Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec0751c2302eeac9 Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec7912e548f0e891 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c767d56f287cf564 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:182
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72b767dc5eae51f5 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #603c38b664db521f Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #114bfdf4613990a9 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #453666ce6f94d6ad Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f5d917161f1cd6f Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12ba9fb577d9584c Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8bb61c3426000f7 Filesystem access.
repo/packages/vite/rolldown.config.ts:180
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c18fd5de66064b18 Filesystem access.
repo/packages/vite/rolldown.config.ts:184
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #349abda1f44e52e3 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39331ca41a15eab8 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e6672b7ad369737 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc3f704831e44db1 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #159dd8b14caa23ae Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b851859276bf075 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b52e642aad9fec3f Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f8d35291a996850 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff784cf911e0e02a Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8f0ddf5fe61ad0f9 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c97221ce6aeefdb Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fc5db286d81c79f Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f85c45a17eccca4d Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #079bc4503ebd114e Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4fc2899422f9388 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ad644d13d48ab68 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f149a8c8cfb48119 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f2354278fb60bf7 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7109a4cfcec8c59 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acd00107baa2b7b2 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fba1f7810605a863 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60b8be634233deff Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bb8558074887260 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14f955565392612c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9738c8024112a80 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06ee4e9080a5ec67 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab7def9d27b36ae9 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce6193be815ffbf9 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16501e79f0a0359b Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32848a5d7939ec61 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62741de593d35792 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f5b5937a180ca23 Filesystem access.
repo/packages/vite/src/node/cli.ts:80
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dead8f3dfdd52de5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d86d0076eb414cb Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54786849c0e7b943 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0abcf11f17250ba Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #249153b428216445 Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #667b126bb002bf7e Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fee0029c6902c5c4 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #688a1f7dd93b4cf6 Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c9b65a67258616f Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30b8599000e8a41e Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b80d5fb5ffa5fa3 Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b2d2e534b97ea56 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f8ac581bc9458ad Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56b6f66a13098d0d Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c9db7ba062fb7fd Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f9310f5afc636ed Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ecf3e9e4b18496b Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1ca915827e62c6f Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e82aabd6c85f7a57 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c7ed0ecb3007b27 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfd8c7c16740b8ac Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8088026670fbc7f7 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f052f5633713e18 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fa2a426b0f3007e Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a2c90424a7fbb07 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f83806fb024236bf Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38ab64ed8c1b9776 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afaefe33cf2c4269 Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e563a0657c6aa84 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a905419e6f9e200 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbfebca994d62ef3 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02115ec08d489000 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7459e39bd1e028c1 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0c82c63c1eeb2c1 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6bfd5884fba22e7 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1af24159a0e7fc12 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2733d7fd6ade42d Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16427ec4620e62ee Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d64fdcd420993740 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8be9f91c2dd10a0 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac69aa18b16b8663 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #397cf298674c5d95 Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f14c0b1ddde526a7 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3afc4ba6f2d0fc81 Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02847f77873b3cc6 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c391f2705ed78a45 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efdb433ecc3f8da5 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69c29027c20e82cf Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d4b8c447887da6d Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a6b3992056cb33e Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e82cacd36e0a5834 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a0bf1049b021d90 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d5d339603de357d Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81a0f3d8a0c3d4b2 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9010e5d82af31b7 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48bc638d7ab5fa15 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1aeb26f209182cd Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d365901f7e2fd67 Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbc85ee045615632 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64973e32a484b6d3 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24ea1cdb9e224d0c Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f9a6c83f950f5eb Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b47bddb56e56961 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35a8cb812cb7fdb0 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e25bb0932b50c43 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26287b5c68670552 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9beff964e894f582 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12551f9fbbd74243 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ef3ff7d754c3d87 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699b65408427a77a Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe0262c6608ced51 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #552c7881abca86a9 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06dd89c2bc06d4ea Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #733dc3904a9996ca Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce175ca38ed41e58 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #474dcb44f83ae649 Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26298de60af36523 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3bc355dc82e399cd Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a16dcb85fdd30ea Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1249a03f29eeba62 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0deb8a0c78531af7 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #556f395889cf7f9a Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4f2309068ef8717 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8b42f0c05c4c26e Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2b4780856ffda01 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5bdeba2018810cb Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #339d0e12f69ce1ef Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03aca5b81a40f9dc Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5601e3d326c3cbf4 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d65da97a91d69c82 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0bc3dfe21ef6be08 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b61191e1e54182b Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0b5ef5aa852284a Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0d06b53a38a12aa Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adbba57df01c4e59 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d83cd03fc4a17c8 Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6b2916245448b32 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dbc9f081584e4b6 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7c936a01ed2daf7 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4074bf73be42a650 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8712a7dd0f35b1fa Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bee302a334406a7 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #938ec2cf99aaa188 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cf649a09074faad Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #440e6224e9f6d46a Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1fc077808902705 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e5dc6c7ed237d6c Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #607cbb0497653990 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #704781d186e808da Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9980b938196ba458 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1860860af8575d1a Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7431f4161d9bf1b8 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0de63ad8f781ea3b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54fd789d13386b45 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7048c1076912a3fd Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f8e115784d9c57f Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cbddf4366154b3c Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77dddc1a5faab1d0 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68b0723c660c3f0d Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e71908a3f842914 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba12058f93933d81 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #193908b368afb2e3 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c1c5457b251f84b Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03fe63c7a7778d29 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #220c702d4064b38e Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c8164a5d6851dab Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #545b1cd17a462ef3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9095b1864c09d4bb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e46eb06a9d4d48fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8316eea47fc0e3b2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f571fca19a55fd67 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38107baa7939d19f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02a41e5bedbb125b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3d4d3aa448c0f15d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee712306701e46f3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9eac1d13ba8c7f6c Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4eb1b8ec7f3eda25 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53a8b96fc5294224 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7da08e4741850a1a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ee72edd59bc264b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29445f0a6f29a74c Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #761d9a8207f0c311 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac7d4517ef8cec41 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #831ad6cfcb801696 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31cfca86c181a854 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #711267b68d329115 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5da2eb9347fcb847 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a049d1d1a46ee2d5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e89ed36277e191f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d845c672051c13d1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78b818d518ec46b4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc1ee0a6c3c8aa67 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22e08473fa89ae88 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #52cd8ea4f119dbe7 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d85c19c58869e97 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdda717f38ede3ce Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3d75a60e2c5deef Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fe0045e7b4182f8 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62d7745da90cf605 Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5738750af9df259c Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa11ee8a32b58a4c Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17507445167467ed Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #032c0a20cce71ff8 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fc84681aef7e471 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30ceae3e494e0882 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a7c8c4e54d34cc4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba39cced72ac6985 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf4aee2318db242b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67a49f1378e0bab3 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec89611931c3b17a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01b228b8105ca5b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bceca85fcda8b34b Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16ec86043621be9c Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d3bec79f8e8f88 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b92e39cdcb8d0e97 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #862365e13afaa952 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #156507c9c3469619 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #505228bdce90ba05 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1849fe68b8bc3d09 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #feed1da0fa897c6c Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7642ffee42376f Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19facc62443d6e13 Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adbbd8c9a8aaa037 Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fdc67cc16aa9cd0 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f810f7693d75a472 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfc95aa1b81880c Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b073b89987e1c289 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9310aeeb3d3e4c42 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ffe8a9de2245029 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22951f6e5b633d0f Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b89878e1a9e9481f Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36ac90bf92e71d64 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48cadb399ab33b39 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #678782c610454829 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a513bcc682583956 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cc8c5174a9f6297 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b72db9f8f112f329 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0cfde00da2e2833 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9012c92fbfbdde2 Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13e46e0ead4045b2 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e22f98f301041a Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdaee202b667c020 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbf203e726af5689 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b00752383b254d4 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #360dfdefd9d71749 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d723b9f4e50c774d Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10e5f5a44f3d1965 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a27af9a1ab6c228e Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4f635dde4435997 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff56989851757104 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #750080b17037d82f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0eccab130030eec Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bd9b2f2791c921e Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56fc305f74e2f660 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71f3a044f24e64e4 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4302d541fa37e04d Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce17285d91923b7f Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fabad9ed29ecf45 Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2863aeee9c2a47af Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92afaa692355c304 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8f3fa87487fd3ee Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5c4f870b3e5598c Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66594fb70e724a13 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #399d5320392f1134 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45c6eaca375580e5 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cf07c1884990967 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02d26e5750f8a84f Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7701a92237523f22 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8fec35fb9c85ac1 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f97ed26d0a36fc3 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1a669c5643bfdbe Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f527c5e6fec1975e Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d50f7a04db5c34e Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ee83cedd972fdf0 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #902bd916a1bd19a1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be5d8ca9ecad9c44 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a4c0f6d62aeda24 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #435b5ad0085e5d5f Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70d8bad65fe490c3 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d1b501e2ea2b149 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42b159b633e6b99e Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14af558520bd16ea Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c22b2658fbc7dbd7 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #747dc0abb21d91d2 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e4da2c8b92a6d1f Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bc4da6c6ff1ec28 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #447204c3be97368e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dbfaa0be0b6cea0 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e66d13ce03537340 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a836f08fc22697d Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ca57945d7f750cb Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b612c57d0d383332 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2eb9d5c3286edbca Filesystem access.
repo/scripts/mergeChangelog.ts:188
const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dac948503610416 Filesystem access.
repo/scripts/mergeChangelog.ts:212
await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be132b4f51e93710 Filesystem access.
repo/scripts/releaseUtils.ts:19
    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e164dcff2f1e61c Filesystem access.
repo/scripts/releaseUtils.ts:55
    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25b6596cba793754 Filesystem access.
repo/scripts/releaseUtils.ts:66
    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #646ae96271391810 Filesystem access.
repo/scripts/releaseUtils.ts:68
    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d011941d167105bd Environment-variable access.
repo/vitest.config.e2e.ts:4
const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d1f5e071ac3aba1 Environment-variable access.
repo/vitest.config.e2e.ts:6
const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da948e209033114b Environment-variable access.
repo/vitest.config.e2e.ts:36
        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #860986ef380d27f4 Environment-variable access.
repo/vitest.config.e2e.ts:40
      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party
expand_more 18 low-confidence finding(s)
low env_fs test-only #82b43dd627f5816a Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c2314d77b11a7a0 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c76c0ff95bc1522 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7e7ad719d7877ef Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ed02f1700a6a118 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f076eb29b50b0128 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6e7a58e6ce19103 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eaae935e0645b37b Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2da78a557e0c3fa1 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aec12ef4139e9d25 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81737e7db7daf231 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7208693d39a4876 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fb10af2bb7cf9c6 Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26cbb9805557cad3 Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1396d1d350bfd82 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27209152e28efd0d Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3215253fbec2eb2b Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec0751c2302eeac9 Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #ec7912e548f0e891 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c767d56f287cf564 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:182
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party
expand_more 127 low-confidence finding(s)
low env_fs production #72b767dc5eae51f5 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #603c38b664db521f Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #114bfdf4613990a9 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #453666ce6f94d6ad Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f5d917161f1cd6f Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12ba9fb577d9584c Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8bb61c3426000f7 Filesystem access.
repo/packages/vite/rolldown.config.ts:180
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c18fd5de66064b18 Filesystem access.
repo/packages/vite/rolldown.config.ts:184
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #349abda1f44e52e3 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39331ca41a15eab8 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e6672b7ad369737 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc3f704831e44db1 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #159dd8b14caa23ae Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b851859276bf075 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b52e642aad9fec3f Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f8d35291a996850 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff784cf911e0e02a Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8f0ddf5fe61ad0f9 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c97221ce6aeefdb Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fc5db286d81c79f Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f85c45a17eccca4d Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #079bc4503ebd114e Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4fc2899422f9388 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ad644d13d48ab68 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f149a8c8cfb48119 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f2354278fb60bf7 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7109a4cfcec8c59 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acd00107baa2b7b2 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fba1f7810605a863 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60b8be634233deff Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bb8558074887260 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14f955565392612c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9738c8024112a80 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06ee4e9080a5ec67 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab7def9d27b36ae9 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce6193be815ffbf9 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16501e79f0a0359b Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32848a5d7939ec61 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62741de593d35792 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f5b5937a180ca23 Filesystem access.
repo/packages/vite/src/node/cli.ts:80
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dead8f3dfdd52de5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d86d0076eb414cb Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54786849c0e7b943 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0abcf11f17250ba Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #249153b428216445 Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #667b126bb002bf7e Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fee0029c6902c5c4 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #688a1f7dd93b4cf6 Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c9b65a67258616f Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30b8599000e8a41e Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b80d5fb5ffa5fa3 Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b2d2e534b97ea56 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f8ac581bc9458ad Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56b6f66a13098d0d Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c9db7ba062fb7fd Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f9310f5afc636ed Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ecf3e9e4b18496b Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1ca915827e62c6f Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e82aabd6c85f7a57 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c7ed0ecb3007b27 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfd8c7c16740b8ac Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8088026670fbc7f7 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f052f5633713e18 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fa2a426b0f3007e Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a2c90424a7fbb07 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f83806fb024236bf Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38ab64ed8c1b9776 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afaefe33cf2c4269 Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e563a0657c6aa84 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a905419e6f9e200 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbfebca994d62ef3 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02115ec08d489000 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7459e39bd1e028c1 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0c82c63c1eeb2c1 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6bfd5884fba22e7 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1af24159a0e7fc12 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2733d7fd6ade42d Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16427ec4620e62ee Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d64fdcd420993740 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8be9f91c2dd10a0 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac69aa18b16b8663 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #397cf298674c5d95 Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f14c0b1ddde526a7 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3afc4ba6f2d0fc81 Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02847f77873b3cc6 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c391f2705ed78a45 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efdb433ecc3f8da5 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69c29027c20e82cf Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d4b8c447887da6d Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a6b3992056cb33e Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e82cacd36e0a5834 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a0bf1049b021d90 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d5d339603de357d Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81a0f3d8a0c3d4b2 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9010e5d82af31b7 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48bc638d7ab5fa15 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1aeb26f209182cd Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d365901f7e2fd67 Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbc85ee045615632 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64973e32a484b6d3 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24ea1cdb9e224d0c Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f9a6c83f950f5eb Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b47bddb56e56961 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35a8cb812cb7fdb0 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e25bb0932b50c43 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26287b5c68670552 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9beff964e894f582 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12551f9fbbd74243 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ef3ff7d754c3d87 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699b65408427a77a Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe0262c6608ced51 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #552c7881abca86a9 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06dd89c2bc06d4ea Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #733dc3904a9996ca Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce175ca38ed41e58 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #474dcb44f83ae649 Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26298de60af36523 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3bc355dc82e399cd Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a16dcb85fdd30ea Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1249a03f29eeba62 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0deb8a0c78531af7 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #556f395889cf7f9a Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4f2309068ef8717 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8b42f0c05c4c26e Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2b4780856ffda01 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5bdeba2018810cb Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #339d0e12f69ce1ef Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite/src/node/__tests__

npm first-party
expand_more 26 low-confidence finding(s)
low env_fs test-only #159dd8b14caa23ae Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b851859276bf075 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b52e642aad9fec3f Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f8d35291a996850 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff784cf911e0e02a Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8f0ddf5fe61ad0f9 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c97221ce6aeefdb Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fc5db286d81c79f Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f85c45a17eccca4d Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #079bc4503ebd114e Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4fc2899422f9388 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ad644d13d48ab68 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f149a8c8cfb48119 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f2354278fb60bf7 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7109a4cfcec8c59 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acd00107baa2b7b2 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fba1f7810605a863 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60b8be634233deff Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bb8558074887260 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14f955565392612c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9738c8024112a80 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06ee4e9080a5ec67 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab7def9d27b36ae9 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce6193be815ffbf9 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16501e79f0a0359b Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32848a5d7939ec61 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party
expand_more 165 low-confidence finding(s)
low env_fs test-only #03aca5b81a40f9dc Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5601e3d326c3cbf4 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d65da97a91d69c82 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0bc3dfe21ef6be08 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b61191e1e54182b Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0b5ef5aa852284a Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0d06b53a38a12aa Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adbba57df01c4e59 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d83cd03fc4a17c8 Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6b2916245448b32 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dbc9f081584e4b6 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7c936a01ed2daf7 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4074bf73be42a650 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8712a7dd0f35b1fa Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bee302a334406a7 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #938ec2cf99aaa188 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cf649a09074faad Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #440e6224e9f6d46a Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1fc077808902705 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e5dc6c7ed237d6c Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #607cbb0497653990 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #704781d186e808da Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9980b938196ba458 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1860860af8575d1a Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7431f4161d9bf1b8 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0de63ad8f781ea3b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54fd789d13386b45 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7048c1076912a3fd Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f8e115784d9c57f Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cbddf4366154b3c Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77dddc1a5faab1d0 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68b0723c660c3f0d Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e71908a3f842914 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba12058f93933d81 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #193908b368afb2e3 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c1c5457b251f84b Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03fe63c7a7778d29 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #220c702d4064b38e Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c8164a5d6851dab Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #545b1cd17a462ef3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9095b1864c09d4bb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e46eb06a9d4d48fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8316eea47fc0e3b2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f571fca19a55fd67 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38107baa7939d19f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02a41e5bedbb125b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3d4d3aa448c0f15d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee712306701e46f3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9eac1d13ba8c7f6c Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4eb1b8ec7f3eda25 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53a8b96fc5294224 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7da08e4741850a1a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ee72edd59bc264b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29445f0a6f29a74c Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #761d9a8207f0c311 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac7d4517ef8cec41 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #831ad6cfcb801696 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31cfca86c181a854 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #711267b68d329115 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5da2eb9347fcb847 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a049d1d1a46ee2d5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e89ed36277e191f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d845c672051c13d1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78b818d518ec46b4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc1ee0a6c3c8aa67 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22e08473fa89ae88 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #52cd8ea4f119dbe7 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d85c19c58869e97 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdda717f38ede3ce Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3d75a60e2c5deef Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fe0045e7b4182f8 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62d7745da90cf605 Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5738750af9df259c Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa11ee8a32b58a4c Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17507445167467ed Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #032c0a20cce71ff8 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fc84681aef7e471 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30ceae3e494e0882 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a7c8c4e54d34cc4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba39cced72ac6985 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf4aee2318db242b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67a49f1378e0bab3 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec89611931c3b17a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01b228b8105ca5b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bceca85fcda8b34b Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16ec86043621be9c Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d3bec79f8e8f88 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b92e39cdcb8d0e97 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #862365e13afaa952 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #156507c9c3469619 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #505228bdce90ba05 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1849fe68b8bc3d09 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #feed1da0fa897c6c Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7642ffee42376f Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19facc62443d6e13 Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adbbd8c9a8aaa037 Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fdc67cc16aa9cd0 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f810f7693d75a472 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfc95aa1b81880c Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b073b89987e1c289 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9310aeeb3d3e4c42 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ffe8a9de2245029 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22951f6e5b633d0f Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b89878e1a9e9481f Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36ac90bf92e71d64 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48cadb399ab33b39 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #678782c610454829 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a513bcc682583956 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cc8c5174a9f6297 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b72db9f8f112f329 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0cfde00da2e2833 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9012c92fbfbdde2 Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13e46e0ead4045b2 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e22f98f301041a Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdaee202b667c020 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbf203e726af5689 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b00752383b254d4 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #360dfdefd9d71749 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d723b9f4e50c774d Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10e5f5a44f3d1965 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a27af9a1ab6c228e Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4f635dde4435997 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff56989851757104 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #750080b17037d82f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0eccab130030eec Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bd9b2f2791c921e Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56fc305f74e2f660 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71f3a044f24e64e4 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4302d541fa37e04d Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce17285d91923b7f Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fabad9ed29ecf45 Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2863aeee9c2a47af Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92afaa692355c304 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8f3fa87487fd3ee Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5c4f870b3e5598c Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66594fb70e724a13 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #399d5320392f1134 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45c6eaca375580e5 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cf07c1884990967 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02d26e5750f8a84f Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7701a92237523f22 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8fec35fb9c85ac1 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f97ed26d0a36fc3 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1a669c5643bfdbe Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f527c5e6fec1975e Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d50f7a04db5c34e Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ee83cedd972fdf0 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #902bd916a1bd19a1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be5d8ca9ecad9c44 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a4c0f6d62aeda24 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #435b5ad0085e5d5f Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70d8bad65fe490c3 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d1b501e2ea2b149 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42b159b633e6b99e Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14af558520bd16ea Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c22b2658fbc7dbd7 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #747dc0abb21d91d2 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e4da2c8b92a6d1f Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bc4da6c6ff1ec28 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #447204c3be97368e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dbfaa0be0b6cea0 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e66d13ce03537340 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a836f08fc22697d Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ca57945d7f750cb Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b612c57d0d383332 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #03aca5b81a40f9dc Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5601e3d326c3cbf4 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d65da97a91d69c82 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0bc3dfe21ef6be08 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b61191e1e54182b Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #f0b5ef5aa852284a Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #9d83cd03fc4a17c8 Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6b2916245448b32 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #c0d06b53a38a12aa Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adbba57df01c4e59 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #6dbc9f081584e4b6 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7c936a01ed2daf7 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4074bf73be42a650 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8712a7dd0f35b1fa Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #9bee302a334406a7 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #938ec2cf99aaa188 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cf649a09074faad Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #440e6224e9f6d46a Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #c1fc077808902705 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #3e5dc6c7ed237d6c Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #54fd789d13386b45 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7048c1076912a3fd Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f8e115784d9c57f Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-full-bundle-mode

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #607cbb0497653990 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #704781d186e808da Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #9980b938196ba458 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1860860af8575d1a Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7431f4161d9bf1b8 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0de63ad8f781ea3b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #3cbddf4366154b3c Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77dddc1a5faab1d0 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68b0723c660c3f0d Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #8e71908a3f842914 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #ba12058f93933d81 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #193908b368afb2e3 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c1c5457b251f84b Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03fe63c7a7778d29 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #220c702d4064b38e Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party
expand_more 35 low-confidence finding(s)
low env_fs test-only #8c8164a5d6851dab Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #545b1cd17a462ef3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9095b1864c09d4bb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e46eb06a9d4d48fd Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8316eea47fc0e3b2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f571fca19a55fd67 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38107baa7939d19f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02a41e5bedbb125b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3d4d3aa448c0f15d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee712306701e46f3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9eac1d13ba8c7f6c Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4eb1b8ec7f3eda25 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53a8b96fc5294224 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7da08e4741850a1a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ee72edd59bc264b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29445f0a6f29a74c Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #761d9a8207f0c311 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac7d4517ef8cec41 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #831ad6cfcb801696 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31cfca86c181a854 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #711267b68d329115 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5da2eb9347fcb847 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a049d1d1a46ee2d5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e89ed36277e191f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d845c672051c13d1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78b818d518ec46b4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc1ee0a6c3c8aa67 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22e08473fa89ae88 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #52cd8ea4f119dbe7 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d85c19c58869e97 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdda717f38ede3ce Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3d75a60e2c5deef Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fe0045e7b4182f8 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62d7745da90cf605 Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5738750af9df259c Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #aa11ee8a32b58a4c Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17507445167467ed Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party
expand_more 9 low-confidence finding(s)
low env_fs production #6fc84681aef7e471 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30ceae3e494e0882 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a7c8c4e54d34cc4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba39cced72ac6985 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf4aee2318db242b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67a49f1378e0bab3 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec89611931c3b17a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01b228b8105ca5b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bceca85fcda8b34b Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #032c0a20cce71ff8 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #6fc84681aef7e471 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #30ceae3e494e0882 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #7a7c8c4e54d34cc4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #ba39cced72ac6985 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf4aee2318db242b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #67a49f1378e0bab3 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec89611931c3b17a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01b228b8105ca5b Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #16ec86043621be9c Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d3bec79f8e8f88 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #f0cfde00da2e2833 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9012c92fbfbdde2 Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b92e39cdcb8d0e97 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #862365e13afaa952 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #156507c9c3469619 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #505228bdce90ba05 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1849fe68b8bc3d09 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #feed1da0fa897c6c Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7642ffee42376f Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19facc62443d6e13 Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adbbd8c9a8aaa037 Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps/read-file-content

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #2c7642ffee42376f Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #5fdc67cc16aa9cd0 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f810f7693d75a472 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfc95aa1b81880c Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b073b89987e1c289 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #9310aeeb3d3e4c42 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ffe8a9de2245029 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22951f6e5b633d0f Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b89878e1a9e9481f Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #36ac90bf92e71d64 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #48cadb399ab33b39 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #678782c610454829 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #a513bcc682583956 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cc8c5174a9f6297 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b72db9f8f112f329 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #e4f635dde4435997 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff56989851757104 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #750080b17037d82f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0eccab130030eec Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #a27af9a1ab6c228e Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party
expand_more 31 low-confidence finding(s)
low env_fs test-only #c5c4f870b3e5598c Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66594fb70e724a13 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #399d5320392f1134 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45c6eaca375580e5 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cf07c1884990967 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02d26e5750f8a84f Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7701a92237523f22 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8fec35fb9c85ac1 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f97ed26d0a36fc3 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1a669c5643bfdbe Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f527c5e6fec1975e Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d50f7a04db5c34e Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ee83cedd972fdf0 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #902bd916a1bd19a1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be5d8ca9ecad9c44 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a4c0f6d62aeda24 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #435b5ad0085e5d5f Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70d8bad65fe490c3 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d1b501e2ea2b149 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42b159b633e6b99e Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14af558520bd16ea Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c22b2658fbc7dbd7 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #747dc0abb21d91d2 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e4da2c8b92a6d1f Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bc4da6c6ff1ec28 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #447204c3be97368e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dbfaa0be0b6cea0 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e66d13ce03537340 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a836f08fc22697d Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ca57945d7f750cb Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b612c57d0d383332 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
  • first-party (npm): docs prod — scan budget exceeded
  • lightningcss prod — scan budget exceeded
  • picomatch prod — scan budget exceeded
  • postcss prod — scan budget exceeded
  • tinyglobby prod — scan budget exceeded
  • @babel/core prod — scan budget exceeded
  • @babel/plugin-transform-dynamic-import prod — scan budget exceeded
  • @babel/plugin-transform-modules-systemjs prod — scan budget exceeded
  • @babel/preset-env prod — scan budget exceeded
  • babel-plugin-polyfill-corejs3 prod — scan budget exceeded
  • babel-plugin-polyfill-regenerator prod — scan budget exceeded
  • browserslist prod — scan budget exceeded
  • browserslist-to-esbuild prod — scan budget exceeded
  • core-js prod — scan budget exceeded
  • regenerator-runtime prod — scan budget exceeded
  • systemjs prod — scan budget exceeded
  • @tailwindcss/vite prod — scan budget exceeded
  • tailwindcss prod — scan budget exceeded
  • @vitejs/test-dep-no-discovery prod — scan budget exceeded
  • vue prod — scan budget exceeded
  • vuex prod — scan budget exceeded
  • clipboard prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
  • @vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
  • @vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
  • @vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-css-require prod — scan budget exceeded
  • @vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
  • @vitejs/test-dep-incompatible prod — scan budget exceeded
  • @vitejs/test-dep-linked prod — scan budget exceeded
  • @vitejs/test-dep-linked-include prod — scan budget exceeded
  • @vitejs/test-dep-node-env prod — scan budget exceeded
  • @vitejs/test-dep-not-js prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-relative-to-main prod — scan budget exceeded
  • @vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
  • @vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
  • @vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
  • @vitejs/test-dep-non-optimized prod — scan budget exceeded
  • @vitejs/test-added-in-entries prod — scan budget exceeded
  • @vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
  • @vitejs/test-dep-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-lodash prod — scan budget exceeded
  • @vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
  • @vitejs/test-dep-lodash-es prod — scan budget exceeded
  • @vitejs/test-nested-exclude prod — scan budget exceeded
  • phoenix prod — scan budget exceeded
  • react prod — scan budget exceeded
  • react-dom prod — scan budget exceeded
  • @vitejs/test-resolve-linked prod — scan budget exceeded
  • @vitejs/test-alias-original prod — scan budget exceeded
  • aliased-module prod — scan budget exceeded
  • @vue/shared prod — scan budget exceeded
  • @vitejs/test-dep-that-imports prod — scan budget exceeded
  • @vitejs/test-dep-that-requires prod — scan budget exceeded
  • @vitejs/test-commonjs-dep prod — scan budget exceeded
  • @vitejs/test-deep-import prod — scan budget exceeded
  • @vitejs/test-entries prod — scan budget exceeded
  • @vitejs/test-module-sync prod — scan budget exceeded
  • @vitejs/test-resolve-pkg-exports prod — scan budget exceeded
  • @tailwindcss/postcss prod — scan budget exceeded
  • @vitejs/test-external-cjs prod — scan budget exceeded
  • @vitejs/test-require-external-cjs prod — scan budget exceeded
  • @vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-external prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
  • autoprefixer prod — scan budget exceeded
  • @babel/runtime prod — scan budget exceeded
  • normalize.css prod — scan budget exceeded
  • @vitejs/test-resolve-browser-field prod — scan budget exceeded
  • @vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded
  • @vitejs/test-resolve-custom-condition prod — scan budget exceeded

Development

  • @eslint/js dev — scan budget exceeded
  • @type-challenges/utils dev — scan budget exceeded
  • @types/babel__core dev — scan budget exceeded
  • @types/babel__preset-env dev — scan budget exceeded
  • @types/convert-source-map dev — scan budget exceeded
  • @types/cross-spawn dev — scan budget exceeded
  • @types/etag dev — scan budget exceeded
  • @types/less dev — scan budget exceeded
  • @types/node dev — scan budget exceeded
  • @types/picomatch dev — scan budget exceeded
  • @types/stylus dev — scan budget exceeded
  • @types/ws dev — scan budget exceeded
  • @vitejs/release-scripts dev — scan budget exceeded
  • eslint dev — scan budget exceeded
  • eslint-plugin-import-x dev — scan budget exceeded
  • eslint-plugin-n dev — scan budget exceeded
  • eslint-plugin-regexp dev — scan budget exceeded
  • execa dev — scan budget exceeded
  • globals dev — scan budget exceeded
  • lint-staged dev — scan budget exceeded
  • oxfmt dev — scan budget exceeded
  • picocolors dev — scan budget exceeded
  • playwright-chromium dev — scan budget exceeded
  • rolldown dev — scan budget exceeded
  • rollup dev — scan budget exceeded
  • simple-git-hooks dev — scan budget exceeded
  • tsx dev — scan budget exceeded
  • typescript dev — scan budget exceeded
  • typescript-eslint dev — scan budget exceeded
  • vite dev — scan budget exceeded
  • vitest dev — scan budget exceeded
  • @clack/prompts dev — scan budget exceeded
  • @vercel/detect-agent dev — scan budget exceeded
  • cross-spawn dev — scan budget exceeded
  • mri dev — scan budget exceeded
  • tsdown dev — scan budget exceeded
  • unrun dev — scan budget exceeded
  • @babel/parser dev — scan budget exceeded
  • @jridgewell/remapping dev — scan budget exceeded
  • @jridgewell/trace-mapping dev — scan budget exceeded
  • @polka/compression dev — scan budget exceeded
  • @rollup/plugin-alias dev — scan budget exceeded
  • @rollup/plugin-dynamic-import-vars dev — scan budget exceeded
  • @rollup/pluginutils dev — scan budget exceeded
  • @types/escape-html dev — scan budget exceeded
  • @types/pnpapi dev — scan budget exceeded
  • @vitejs/devtools dev — scan budget exceeded
  • @vitest/utils dev — scan budget exceeded
  • @voidzero-dev/vite-task-client dev — scan budget exceeded
  • artichokie dev — scan budget exceeded
  • baseline-browser-mapping dev — scan budget exceeded
  • cac dev — scan budget exceeded
  • chokidar dev — scan budget exceeded
  • connect dev — scan budget exceeded
  • convert-source-map dev — scan budget exceeded
  • cors dev — scan budget exceeded
  • dotenv-expand dev — scan budget exceeded
  • es-module-lexer dev — scan budget exceeded
  • esbuild dev — scan budget exceeded
  • escape-html dev — scan budget exceeded
  • estree-walker dev — scan budget exceeded
  • etag dev — scan budget exceeded
  • fresh-import dev — scan budget exceeded
  • host-validation-middleware dev — scan budget exceeded
  • http-proxy-3 dev — scan budget exceeded
  • launch-editor-middleware dev — scan budget exceeded
  • magic-string dev — scan budget exceeded
  • mlly dev — scan budget exceeded
  • mrmime dev — scan budget exceeded
  • nanoid dev — scan budget exceeded
  • obug dev — scan budget exceeded
  • open dev — scan budget exceeded
  • parse5 dev — scan budget exceeded
  • pathe dev — scan budget exceeded
  • periscopic dev — scan budget exceeded
  • postcss-import dev — scan budget exceeded
  • postcss-load-config dev — scan budget exceeded
  • postcss-modules dev — scan budget exceeded
  • premove dev — scan budget exceeded
  • resolve.exports dev — scan budget exceeded
  • rolldown-plugin-dts dev — scan budget exceeded
  • rollup-plugin-license dev — scan budget exceeded
  • sass dev — scan budget exceeded
  • sass-embedded dev — scan budget exceeded
  • sirv dev — scan budget exceeded
  • strip-literal dev — scan budget exceeded
  • terser dev — scan budget exceeded
  • ufo dev — scan budget exceeded
  • ws dev — scan budget exceeded
  • acorn dev — scan budget exceeded
  • css-color-names dev — scan budget exceeded
  • kill-port dev — scan budget exceeded
  • url dev — scan budget exceeded
  • express dev — scan budget exceeded
  • less dev — scan budget exceeded
  • slash3 dev — scan budget exceeded
  • slash5 dev — scan budget exceeded
  • vue34 dev — scan budget exceeded
  • pug dev — scan budget exceeded
  • @types/react dev — scan budget exceeded
  • @types/react-dom dev — scan budget exceeded
  • react-fake-client dev — scan budget exceeded
  • react-fake-server dev — scan budget exceeded
  • @vitejs/test-css-dep dev — scan budget exceeded
  • @vitejs/test-css-dep-exports dev — scan budget exceeded
  • @vitejs/test-css-js-dep dev — scan budget exceeded
  • @vitejs/test-css-proxy-dep dev — scan budget exceeded
  • @vitejs/test-scss-proxy-dep dev — scan budget exceeded
  • postcss-nested dev — scan budget exceeded
  • stylus dev — scan budget exceeded
  • sugarss dev — scan budget exceeded
  • @vitejs/test-json-require dev — scan budget exceeded
  • @vitejs/test-json-module dev — scan budget exceeded