remove-outside-collaborators icon indicating copy to clipboard operation
remove-outside-collaborators copied to clipboard

Published 20 hours ago verified publisher icon Hollywood

Limit app permission scope

Open timhirsh opened this issue 5 years ago • 0 comments

Great work on this app, I look forward to using it! One thing that caught my attention was the required permissions when installing it:

  • Read access to code
  • Write access to files located at .github/remove-outside-collaborators.yml
  • Read access to metadata
  • Read and write access to administration, issues, members, repository hooks, and repository projects

Based on the responsibilities of the app, it wasn't clear to me why it needs read access to all code, or write access to the config file. Any chance the scope can be reduced to the following?

  • Read access to files located at .github/remove-outside-collaborators.yml
  • Read access to metadata
  • Read and write access to administration, issues, members, repository hooks, and repository projects

Thanks!

timhirsh avatar Jan 22 '20 15:01 timhirsh