Severity
Low
Description
Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Suggestion
Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to.
Packages with this issue
Detect whether a terminal supports color
The semantic version parser used by npm.
Streams3, a user-land copy of the stream library from Node.js