GH_TOKEN

[snelling-a]

Hey @gmrchk,

Nice work, really like the tool and I hope it gets adopted to increase contribution to the open source community.

2 things about the token:
1. Is there a way to get it from the shell env? I feel like a lot of people have it stored somewhere for use with other tools, like the gh cli or act.
2. Is there a way to hide the input? I doubt anyone is typing in their token, probably copy/pasting.

Happy to help if I can 🧑‍💻

[gmrchk]

Hey hey!

1. There is not right now. Actually, I was thinking about the token being the only option at first, but I went with the nicer visual "walk-through" option at the end. Anyways, surely something to add tho, totally makes sense!
2. I would expect most people to create the token for this purpose (with as few permissions as possible), meaning it will already be displayed in GH UI for them. Not sure if hiding it in the CLI adds any value; maybe rather complicates verification that it's inserted correctly. I guess some might also have it in some password manager, in which case the hiding makes more sense of course. Do you think people would prefer hidden values, like passwords? Is there maybe some terminal history we should consider? 🤔

[snelling-a]

Definitely like the walkthrough approach. It looks really good and it seems like you handle any issues/errors well. If there is a way to get the env var, you could you just skip that step in the flow if it is detected?

As for hiding the input, it's been my experience with cli tools to hide something like this. I don't think that inputting the token in the walkthrough would save it to the shell history but it would be in the standard input. Off the top of my head I don't know how accessible that is after the screen has been cleared/instance killed.

That said, it took a few minutes for the tool to scan all the repos. And when it's done the value is still in the terminal. Not a huge deal but, you know, you never know 🕵️