Exciting news!Announcing our $4.6M Series Seed. Learn more
Socket
LoveBlogFAQ
Install
Log in

Environment variable access

Severity

Low

Description

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Suggestion

Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to.

Packages with this issue

supports-color

Detect whether a terminal supports color

sindresorhus
 published 5.5.0 •

semver

The semantic version parser used by npm.

lukekarrys
 published 7.3.7 •

debug

Lightweight debugging utility for Node.js and the browser

qix
 published 4.3.4 •

chalk

Terminal string styling done right

sindresorhus
 published 2.4.2 •

readable-stream

Streams3, a user-land copy of the stream library from Node.js

matteo.collina
 published 3.6.0 •

commander

the complete solution for node.js command-line programs

abetomo
 published 9.2.0 •

acorn

ECMAScript parser

marijn
 published 1.2.2 •

yargs-parser

the mighty option parser used by yargs

oss-bot
 published 21.0.1 •

lru-cache

A cache object that deletes the least-recently-used items.

isaacs
 published 4.1.5 •

yargs

yargs the modern, pirate-themed, successor to optimist.

oss-bot
 published 17.5.1 •
Socket

Product

NPM Packages

About

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc