diff --git a/queries/default-setup-environment-variables.ql b/queries/default-setup-environment-variables.ql
index e45640941..9f677dfb9 100644
--- a/queries/default-setup-environment-variables.ql
+++ b/queries/default-setup-environment-variables.ql
@@ -43,6 +43,7 @@ predicate envVarRead(DataFlow::Node node, string envVar) {
 from DataFlow::Node read, string envVar
 where
   envVarRead(read, envVar) and
+  read.getFile().getRelativePath().matches("src/%") and
   not read.getFile().getBaseName().matches("%.test.ts") and
   not isSafeForDefaultSetup(envVar)
 select read,