GitHub app: Reduced permissions
Just had a friend share http://socket.dev with me and it looks awesome. We've been struggling to figure out a way to balance encouraging devs to move quickly and use open source vs. the security risks.
Was about to install your package onto our GH, but noticed it requested read access to all code. I'm reaching out because I'd assume it's not for malicious reasons :)
Any reason why the app needs read access to all the code in the repo rather than just the package/yarn files?
marked this post as
Feross Aboukhadijeh (Socket)