Rogan003 / git-history-analysis


GH Token leaked #1

Open egorklimov opened 4 months ago

egorklimov commented 4 months ago

Hello!

I would recommend that you invalidate this token in your GitHub settings: someone might find it by indexing GitHub. It is not critical if the token is fine-grained with access only to public repositories, but it is still better to load this token from env vars.

https://github.com/Rogan003/git-history-analysis/blob/62ab376501575ac96fc1a3ade7ec28c526e9d357/src/components/TopContributorPairs.jsx#L13

Rogan003 commented 4 months ago

Hello!

Thank you for noting this! I left it here since I didn't give it any special permissions; it serves only to be able to make more octokit requests. I thought about giving you the token with the link to this repo, yet the token was already in my commit history from when the repo was private. I should have given you a new one and invalidated this one.

Again thank you, I will invalidate it.

egorklimov commented 4 months ago

I've created a token to test your solution, so there is no need to send me yours, don't worry.
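
A check that would catch the kind of leak reported in this issue before a push, as an added example (not code from this repository): it scans source text for GitHub token prefixes and reports redacted findings. The function names, the sample lines and the `GITHUB_TOKEN` variable name are assumptions, and the token body lengths are treated as minimums.

```javascript
// Added example: detect hardcoded GitHub tokens in source text.
// Prefixes are GitHub's documented token prefixes; the body lengths are the
// commonly observed ones, used here as minimums (assumption).
const TOKEN_PATTERNS = [
  { kind: "fine-grained PAT", prefix: "github_pat_", body: "[A-Za-z0-9_]{80,}" },
  { kind: "classic PAT", prefix: "ghp_", body: "[A-Za-z0-9]{36,}" },
  { kind: "OAuth token", prefix: "gho_", body: "[A-Za-z0-9]{36,}" },
  { kind: "user-to-server token", prefix: "ghu_", body: "[A-Za-z0-9]{36,}" },
  { kind: "server-to-server token", prefix: "ghs_", body: "[A-Za-z0-9]{36,}" },
  { kind: "refresh token", prefix: "ghr_", body: "[A-Za-z0-9]{36,}" },
];

// Returns one finding per match: 1-based line number, token kind, and a
// redacted form so the secret is never echoed into logs or CI output.
function findGitHubTokens(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((line, i) => {
    for (const { kind, prefix, body } of TOKEN_PATTERNS) {
      const re = new RegExp(`\\b${prefix}${body}\\b`, "g");
      for (const m of line.matchAll(re)) {
        findings.push({
          line: i + 1,
          kind,
          redacted: `${prefix}...${m[0].slice(-4)}`,
        });
      }
    }
  });
  return findings;
}

// Constructed sample input: the token values are fake and assembled at
// runtime so that no token-shaped literal is stored in this snippet.
const fakeClassic = "ghp_" + "a1B2".repeat(9);
const fakeFineGrained = "github_pat_" + "X".repeat(22) + "_" + "y".repeat(59);
const SAMPLE_JSX = [
  'import { Octokit } from "octokit";',
  `const octokit = new Octokit({ auth: "${fakeClassic}" });`,
  "const fromEnv = new Octokit({ auth: process.env.GITHUB_TOKEN });",
  `// old value: ${fakeFineGrained}`,
].join("\n");

console.log(findGitHubTokens(SAMPLE_JSX));
```

A finding on an already pushed commit still means the token has to be invalidated, because the value remains in commit history.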