Prajwal0225 / My-Favorite-SuperHero

πŸ¦Έβ€β™‚οΈ My Fav Superhero: Discover superhero images in a click! Search your heroes or get random image.
https://my-favorite-super-hero-one.vercel.app/index.html
MIT License

Enhance API Key Security #101

Closed animeshchaudhri closed 1 year ago

animeshchaudhri commented 1 year ago

The current implementation exposes the Superhero API key directly in the client-side JavaScript code. It's not recommended to expose your API keys in client-side code as it can be accessed by anyone. Consider moving it to a server-side environment or using environment variables.

Impact

Exposing the API key presents a security risk for potential misuse of the key if discovered. It's a best practice to avoid embedding secrets in client-side code.

Moving the key to a server-side env var or secrets service will improve security and prevent leakage of the key.

github-actions[bot] commented 1 year ago

👋 @animeshchaudhri Thank you for raising an issue. We will investigate the matter and get back to you as soon as possible 🚀. Please make sure you have given us as much context as possible. Additionally, consider giving our repository a star. ⭐ It will motivate us to do more!

nitishkumar333 commented 1 year ago

Hi, please assign me this issue. I would like to work on it.

madhurafulkar commented 1 year ago

You can work on this issue @animeshchaudhri

animeshchaudhri commented 1 year ago

I have fixed the issue by providing a placeholder for it and added comments to the JavaScript code for better readability. The user has to get their own API key; the readme has to be updated for the following reason @madhurafulkar

Prajwal0225 commented 1 year ago

Hey @animeshchaudhri I don't think we need a .env file to store our project's API key. Our API key is quite simple, and adding a .env file might make it harder for beginners to understand and work on the project.