Advisories for Npm/@Cloudflare/Vite-Plugin package

This advisory duplicates another.

Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as: .env .dev.vars