Airtable · Airtable.js · CVE-2022-46155
**Name of the Vulnerable Software and Affected Versions**
Airtable.js versions prior to 0.11.6
**Description**
The issue arises from a misconfigured build script in the Airtable.js source package, which bundles environment variables into the build target of a transpiled bundle. Specifically, the `AIRTABLE_API_KEY` and `AIRTABLE_ENDPOINT_URL` environment variables are inserted during Browserify builds due to being referenced in Airtable.js code. This affects copies of Airtable.js built from its source, not those installed via npm or yarn. If a user has cloned the Airtable.js source, runs the `npm prepare` script, and has the `AIRTABLE_API_KEY` environment variable set, their local build of Airtable.js may be modified to include the value of the `AIRTABLE_API_KEY` environment variable, which could then be accidentally shipped in the bundled code.
**Recommendations**
To resolve the issue, upgrade to Airtable.js version 0.11.6 or higher.
As a workaround, unset the `AIRTABLE_API_KEY` environment variable in your shell and/or remove it from your .bashrc, .zshrc, or other shell configuration files.
Regenerate any Airtable API keys you use, as they may be present in bundled code.
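
One way to check a local build for the leak described above, as an added example (not code from Airtable.js or from the advisory): it searches bundle text for the literal values of the two environment variables and reports positions without printing the secret. The function name, the 8-character minimum, and the sample key and bundle strings are assumptions constructed for illustration.

```javascript
// Added example, not Airtable's code: check whether a built bundle contains
// the literal value of a sensitive environment variable.
const SENSITIVE_VARS = ['AIRTABLE_API_KEY', 'AIRTABLE_ENDPOINT_URL'];
const MIN_LENGTH = 8; // assumption: shorter values match unrelated text too often

function findEmbeddedEnvValues(bundleText, env, names = SENSITIVE_VARS) {
  const findings = [];
  for (const name of names) {
    const value = env[name];
    if (typeof value !== 'string' || value.length < MIN_LENGTH) continue;
    // Search the raw value and its string-literal-escaped form (deduplicated).
    const needles = new Set([value, JSON.stringify(value).slice(1, -1)]);
    for (const needle of needles) {
      let at = bundleText.indexOf(needle);
      while (at !== -1) {
        const before = bundleText.slice(0, at);
        const line = before.split('\n').length;
        const column = at - before.lastIndexOf('\n'); // 1-based
        // Report where the value is, never the secret itself.
        findings.push({ name, line, column });
        at = bundleText.indexOf(needle, at + needle.length);
      }
    }
  }
  return findings;
}

// Constructed sample data (not a real key and not real build output).
const sampleEnv = { AIRTABLE_API_KEY: 'keyCONSTRUCTED0001' };
const leakedBundle = 'var a = 1;\nvar defaults = { apiKey: "keyCONSTRUCTED0001" };\n';
const cleanBundle = 'var a = 1;\nvar defaults = { apiKey: process.env.AIRTABLE_API_KEY };\n';

// CLI use: node scan-bundle.js <built-file>...  (values come from the current shell)
if (typeof require === 'function' && process.argv.length > 2) {
  const fs = require('fs');
  for (const file of process.argv.slice(2)) {
    const text = fs.readFileSync(file, 'utf8');
    for (const f of findEmbeddedEnvValues(text, process.env)) {
      console.log(`${file}:${f.line}:${f.column} contains the value of ${f.name}`);
      process.exitCode = 1; // non-zero exit so a build step can fail on a hit
    }
  }
}
```

Run it before unsetting the variable, since the scan needs the key's value in the environment to know what to look for. A hit means the key has to be regenerated, not just removed from the file.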