If you discover a security vulnerability, please report it via GitHub Security Advisories.
Do NOT open a public issue for security vulnerabilities.
trvl accesses Google's public-facing internal APIs using Chrome TLS fingerprint impersonation. It does not:
- Store or transmit user credentials
- Access authenticated Google accounts
- Bypass rate limits or access controls
- Cache personal data
github.com/refraction-networking/utls— TLS fingerprint impersonationgithub.com/spf13/cobra— CLI frameworkgolang.org/x/time— Rate limiting
All dependencies are reviewed and pinned in go.sum.