| Version | Supported |
|---|---|
| main | ✅ Current |
Please do not open a public GitHub Issue for security vulnerabilities.
If you discover a security issue, email the maintainers directly or use GitHub's private vulnerability reporting feature.
Include as much detail as possible:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to respond within 5 business days and to publish a fix within 30 days of confirmation.
This tool reads a GITHUB_TOKEN from environment variables only. It never logs, stores, or transmits tokens.
- Never commit your `.env` file — it is git-ignored by default.
- Use a minimal-scope PAT (`read:org` + `repo` read-only).
- Rotate your token immediately if you believe it was exposed.
Dependencies are tracked via `requirements.txt` and monitored by Dependabot. Keep dependencies up to date by running:

```sh
pip install --upgrade -r requirements.txt
```