| ▲ | rvz 3 hours ago | |
> You initially complained about CLIs, not the dependency mess of the JS ecosystem. I complained about both. What does this say from the start? >> Once again, it is in the NPM ecosystem. > You still have not said why this is an issue of having a CLI. Why do you need one? Automation reasons? OpenClaw? This is an attractive way for an attacker to get ALL your passwords in your vault. The breach itself if run in GitHub Actions would just make it a coveted target to compromise it which makes having one worse not better and for easier exfiltration. So it makes even more sense for a password manager to not need a CLI at all. This is even before me mentioning the NPM and the Javascript ecosystem. | ||
| ▲ | hgoel 3 hours ago | parent [-] | |
>Why do you need one? Automation reasons? OpenClaw? This is an attractive way for an attacker to get ALL your passwords in your vault. I need one because I am not always using a graphical interface. What exactly in a GUI do you think makes it harder/less attractive for an attacker? If the GUI code is compromised in the same way as the CLI, it'll have the same level of access to your vault as soon as you enter your master password, exactly the same as in the CLI. | ||