# Sensitive Data Exposure

#### Hardcoded Sensitive Information in JavaScript

**Vulnerability:** Hardcoded Sensitive Information

**Vulnerable Code:**

```javascript
javascriptCopy codeconst apiKey = "1234567890abcdef";
```

**Reason for vulnerability:** Sensitive information like API keys should not be hardcoded in the source code as it can be easily extracted.

**Fixed Code:**

```javascript
javascriptCopy codeconst apiKey = process.env.API_KEY;
```

**Reason for fix:** Using environment variables to store sensitive information keeps it out of the source code and limits its exposure.