Close Open Privacy Scan
App Privacy Score
Low risk · 201 finding(s)
Dependency score: 97 (Low risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz Application data flows
No high- or medium-confidence application data-flow findings in this scan.
</> First-Party Code
first-party (npm)
npm first-partyexpand_more 21 low-confidence finding(s)
var fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
template: cb => fs.readFile(path.join(__dirname, './index-template.js'), 'utf8', cb),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFileSync(path.join(__dirname, 'aliases.txt'), 'utf8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFile(filename, HTMLdata, callback);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(path.join(docsDir, mainModuleFile), 'utf8', (fileErr, mainModuleData) => {
if (fileErr) return callback(fileErr);
var $mainPage = $(mainModuleData);
// each 'module' (category) has a separate page, with all of the
// important information in a 'main' div. Combine all of these divs into
// one on the actual module page (async)
async.eachSeries(moduleFiles, (file, fileCallback) => {
fs.readFile(path.join(docsDir, file), 'utf8', (err, moduleData) => {
if (err) return fileCallback(err);
var $modulePage = $(moduleData);
var moduleName = $modulePage.find(sectionTitleClass).text();
$modulePage.find(sectionTitleClass).attr('id', moduleName.toLowerCase());
$mainPage.find(mainScrollableSection).append($modulePage.find(mainScrollableSection).html());
return fileCallback();
});
}, (err) => {
if (err) return callback(err);
generateHTMLFile(path.join(docsDir, docFilename), $mainPage, callback);
});
});Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(path.join(docsDir, file), 'utf8', (err, moduleData) => {
if (err) return fileCallback(err);
var $modulePage = $(moduleData);
var moduleName = $modulePage.find(sectionTitleClass).text();
$modulePage.find(sectionTitleClass).attr('id', moduleName.toLowerCase());
$mainPage.find(mainScrollableSection).append($modulePage.find(mainScrollableSection).html());
return fileCallback();
});Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(filePath, 'utf8', (err, fileData) => {
if (err) return fileCallback(err);
var $file = $(applyPreCheerioFixes(fileData));
var $vDropdown = $file.find('#version-dropdown');
$vDropdown.find('.dropdown-toggle').contents().get(0).data = 'v'+VERSION+' ';
$vDropdown.find('a[href="'+docFilename+'"]').text('v'+VERSION);
fixToc(file, $file, moduleFiles);
fixFooter($file);
$file.find('[href="'+mainModuleFile+'"]').attr('href', docFilename);
generateHTMLFile(filePath, $file, fileCallback);
});Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(outpath, html, 'utf8');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
code: helper.htmlsafe( fs.readFileSync(sourceFiles[file].resolved, encoding) )Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(tutorialPath, html, 'utf8');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var json = JSON.parse(fs.readFileSync(__dirname + "/../package.json"), "utf8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var json = JSON.parse(fs.readFileSync(__dirname + "/../package.json"), "utf8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
</> Dependencies
@babel/core
npm dependencyexpand_more 17 low-confidence finding(s)
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const targetPath = process.env.BABEL_SHOW_CONFIG_FOR;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fn(filepath, yield* fs.readFile(filepath, "utf8"));Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.BABEL_ENV || process.env.NODE_ENV || defaultValue;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.BABEL_ENV || process.env.NODE_ENV || defaultValue;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const code = yield* fs.readFile(filename, "utf8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const inputMapContent = _fs().readFileSync(_path().resolve(_path().dirname(options.filename), match[1]), "utf8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const code = yield* fs.readFile(filename, "utf8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
babel-minify
npm dependencyexpand_more 2 low-confidence finding(s)
const fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
babel-plugin-istanbul
npm dependencyexpand_more 5 low-confidence finding(s)
var _fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var _fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const cwd = getRealpath(opts.cwd || process.env.NYC_CWD || /* istanbul ignore next */process.cwd());Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (ignored.length === 0 && process.env.NYC_CONFIG) {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return JSON.parse(process.env.NYC_CONFIG);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
babel-register
npm dependencyexpand_more 10 low-confidence finding(s)
var _fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var _fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var FILENAME = process.env.BABEL_CACHE_PATH || _path2.default.join(_homeOrTmp2.default, ".babel.json");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
_fs2.default.writeFileSync(FILENAME, serialised);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.BABEL_DISABLE_CACHE) return;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
data = JSON.parse(_fs2.default.readFileSync(FILENAME));Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var _fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var _fs = require("fs");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var env = process.env.BABEL_ENV || process.env.NODE_ENV;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var env = process.env.BABEL_ENV || process.env.NODE_ENV;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
bluebird
npm dependencyexpand_more 3 low-confidence finding(s)
return hasEnvVariables ? process.env[key] : undefined;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return hasEnvVariables ? process.env[key] : undefined;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return hasEnvVariables ? process.env[key] : undefined;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
browserify
npm dependencyexpand_more 7 low-confidence finding(s)
acc[key] = process.env[key];Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var browserify = require('../..'),
path = require('path'),
fs = require('fs'),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs = require('fs'),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslint
npm dependencyexpand_more 13 low-confidence finding(s)
results.source = fs.readFileSync(filePath, "utf-8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(filePath, output);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const text = await fsp.readFile(filePath, {
encoding: "utf8",
signal: controller?.signal,
});Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.ESLINT_FLAGS) {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
retrier.retry(() => fs.writeFile(r.filePath, r.output)),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const enabled = !!process.env.TIMING;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (typeof process.env.TIMING !== "string") {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.TIMING.toLowerCase() === "all") {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = readFileSync(sourceFile, "utf8")Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = await fs.promises.readFile(this.filePath, "utf8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.promises.writeFile(
this.filePath,
stringify(suppressions, { space: 2 }),
);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs-extra
npm dependencyexpand_more 5 low-confidence finding(s)
await fs.writeFile(file, '')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(file, '')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(file, '')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.writeFile(file, data, encoding)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(file, ...args)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
jsdoc
npm dependencyexpand_more 19 low-confidence finding(s)
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const info = JSON.parse( stripBom.strip(fs.readFileSync(path.join(env.dirname, 'package.json'),
'utf8')) );Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
config = fs.readFileSync(confPath, 'utf8');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return stripJsonComments( fs.readFileSync(filepath, 'utf8') );Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = fs.readFileSync(path, env.opts.encoding);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
sourceCode = fs.readFileSync(filename, encoding);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return _.template(fs.readFileSync(file, 'utf8'), null, this.settings);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
content = fs.readFileSync(file, env.opts.encoding);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const partialData = fs.readFileSync(fullPath, env.opts.encoding);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(outpath, html, 'utf8');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
code: helper.htmlsafe( fs.readFileSync(sourceFiles[file].resolved, encoding) )Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(tutorialPath, html, 'utf8');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
karma
npm dependencyexpand_more 20 low-confidence finding(s)
count: parseInt(process.env.COMP_CWORD, 10),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(path.resolve(__dirname, '../scripts/karma-completion.sh'), 'utf8', function (err, data) {
if (err) return console.error(err)
process.stdout.write(data)
process.stdout.on('error', function (error) {
// Darwin is a real dick sometimes.
//
// This is necessary because the "source" or "." program in
// bash on OS X closes its file argument before reading
// from it, meaning that you get exactly 1 write, which will
// work most of the time, and will always raise an EPIPE.
//
// Really, one should not be tossing away EPIPE errors, or any
// errors, so casually. But, without this, `. <(karma completion)`
// can never ever work on OS X.
if (error.errno === 'EPIPE') {
error = null
}
})
})Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '/../package.json')).toString())Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
exports.DEFAULT_PORT = process.env.PORT || 9876Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
exports.DEFAULT_HOSTNAME = process.env.IP || 'localhost'Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
exports.DEFAULT_LISTEN_ADDR = process.env.LISTEN_ADDR || '0.0.0.0'Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileContents = fs.readFileSync(configurationFile, 'utf-8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return FileUtils
.readFile(this.TEMPLATE_FILE_PATH)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.readFile(filepath, function (error, data) {
if (error) {
return serve404(response, filepath)
}
if (!doNotCache) {
cache[filepath] = data.toString()
}
log.debug('serving: ' + filepath)
response.setHeader('Content-Type', mime.getType(filepath, 'text/plain'))
responseData = (transform && transform(data.toString())) || data
response.writeHead(rangeHeader ? convertForRangeRequest() : 200)
return response.end(responseData)
})Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(tmpFile.name, JSON.stringify(config), 'utf8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.readFileSync(path).toString()Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path, content)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
FileUtils.saveFile(dest, FileUtils.readFile(src))Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const { createWriteStream } = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const { createWriteStream } = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const { readFile } = require('fs').promisesReads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
karma-browserify
npm dependencyexpand_more 5 low-confidence finding(s)
var path = require('path'),
fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs'),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs'),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(location, content);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
karma-firefox-launcher
npm dependencyexpand_more 11 low-confidence finding(s)
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const paden = process.env.Path.split(';')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const prefixes = [process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)']]Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const prefixes = [process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)']]Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
for (const pathElem of process.env.PATH.split(':')) {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
homeBin = path.join(process.env.HOME, bin)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const extBuffer = fs.readFileSync(ext)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(copyDestination, extBuffer)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(profilePath, 'prefs.js'), this._getPrefs(args.prefs))Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.MOZ_DEBUG_BROWSER_PAUSE = 0Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
karma-mocha
npm dependencyexpand_more 3 low-confidence finding(s)
var fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return extend(normalizeOpts(minimist(fs.readFileSync(optsPath, 'utf8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
karma-safari-launcher
npm dependencyexpand_more 5 low-confidence finding(s)
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(HTML_TPL, function(err, data) {
var content = data.toString().replace('%URL%', url);
var staticHtmlPath = self._tempDir + '/redirect.html';
fs.writeFile(staticHtmlPath, content, function(err) {
self._execCommand(self._getCommand(), [staticHtmlPath]);
});
});Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFile(staticHtmlPath, content, function(err) {
self._execCommand(self._getCommand(), [staticHtmlPath]);
});Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
win32: process.env['ProgramFiles(x86)'] + '\\Safari\\Safari.exe'Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
mocha
npm dependencyexpand_more 16 low-confidence finding(s)
require("js-yaml").load(fs.readFileSync(filepath, "utf8")),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
require("strip-json-comments")(fs.readFileSync(filepath, "utf8")),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const css = fs.readFileSync(path.join(srcdir, "mocha.css"));Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const js = fs.readFileSync(path.join(srcdir, "mocha.js"));Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const tmpl = fs.readFileSync(
path.join(srcdir, "lib", "browser", "template.html"),
);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "mocha.css"), css);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "mocha.js"), js);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "tests.spec.js"), "");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "index.html"), tmpl);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
configData = fs.readFileSync(filepath, "utf8");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envConfig = parse(process.env.MOCHA_OPTIONS || "");Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(output, json);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
r = process.env.DEBUG;Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(output, json);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
native-promise-only
npm dependencyexpand_more 3 low-confidence finding(s)
var fs = require("fs"),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require("fs"),Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
path.join(__dirname,"npo.js"),
result.code + "\n",
{ encoding: "utf8" }
);Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
nyc
npm dependencyexpand_more 31 low-confidence finding(s)
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env.BABEL_DISABLE_CACHE = process.env.BABEL_DISABLE_CACHE = '1'Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = await fs.readFile(filename, 'utf8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const inCode = await fs.readFile(inFile, 'utf-8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(outFile, outCode)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.NYC_CWD) {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NYC_PROCESS_ID = this.processInfo.uuidReads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
coverageFilename,
JSON.stringify(coverage),
'utf-8'
)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const report = JSON.parse(await fs.readFile(path.resolve(baseDirectory, filename)), 'utf8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NYC_CWD = process.cwd()Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NYC_CWD = process.cwd()Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(argv.outputFile, JSON.stringify(map), 'utf8')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NYC_CWD = process.cwd()Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
cwd = cwd || process.env.NYC_CWD || process.cwd()Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
envToCopy[env] = process.env[env]Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
envToCopy[envName] = process.env[envName]Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(mapPath, JSON.stringify(sourceMap))Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.loadedMaps[hash] = JSON.parse(await fs.readFile(mapPath, 'utf8'))Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NYC_CONFIG ||Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
parent: process.env.NYC_PROCESS_ID || nullReads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.NYC_PROCESSINFO_EXTERNAL_ID) {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
config._processInfo.externalId = process.env.NYC_PROCESSINFO_EXTERNAL_IDReads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
delete process.env.NYC_PROCESSINFO_EXTERNAL_IDReads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.NYC_CONFIG_OVERRIDE) {Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Object.assign(config, JSON.parse(process.env.NYC_CONFIG_OVERRIDE))Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NYC_CONFIG = JSON.stringify(config)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
rollup-plugin-node-resolve
npm dependencyexpand_more 2 low-confidence finding(s)
import fs from 'fs';Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const readFileAsync = file => new Promise((fulfil, reject) => fs.readFile(file, (err, contents) => err ? reject(err) : fulfil(contents)));Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
semver
npm dependencyexpand_more 2 low-confidence finding(s)
process.env.NODE_DEBUG &&Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
/\bsemver\b/i.test(process.env.NODE_DEBUG)Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
yargs
npm dependencyexpand_more 1 low-confidence finding(s)
return process.env[key]Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Development
- rollup dev — dist-only: no readable source
- rollup-plugin-npm dev — no javascript source