envAccess

Rendered from docs/alerts/envAccess.md

Back to index

envAccess

Flags access to environment variables (for example process.env.*).

Implemented in: src/lib/detection/plugins/env-access.ts
Enabled by default: yes

What it means

The package reads from (or otherwise references) environment variables.

Why it matters

Environment variables commonly contain secrets (CI tokens, cloud credentials, registry tokens). Malware frequently targets these.

What to do

  • Confirm the accessed variables are expected for the package’s purpose.
  • Check whether values are sent over the network or written to disk.
  • Treat unexpected env access as a high-signal indicator when combined with networkAccess.

Common fields

  • filePath, lineStart/lineEnd, codeSnippet
  • metadata may include the variable name(s) or access pattern