withinboredom 9 hours ago

bro. it asks for the ability for some random github user to literally take over your private repositories.

matzehuels 2 hours ago | parent | next [-]

You’re 100% right to call that out. The current GitHub OAuth scope is too broad.

I’m changing this ASAP to least-privilege and I’ll publish a clear explanation of scopes + data handling. In the meantime: please run the local/CLI path if you want zero-trust.

withinboredom 2 hours ago | parent [-]

Damn dude. That’s awesome! I saw the permissions it wanted out of every org I’m a part of (including some big open source orgs) — I’d probably find myself booted out of those orgs if I accepted that. They def get a notification on every authentication like that and take potential impersonation seriously.

claar 6 hours ago | parent | prev [-]

Yeah, if it weren't for that, I think this would blow up. Plus, even if you get past that, if you try a larger project, it times out after 1 minute and gives up. But it's a pretty awesome idea!

matzehuels 2 hours ago | parent [-]

hey! I built this, I know it's really scrappy, I just don't have enough time currently to make right by users. I'm on it though... stay tuned