If you find a security issue in Codex Token Guard itself, open a GitHub issue with a minimal reproduction that does not include private credentials.
Do not paste real API keys, session tokens, bearer tokens, cookies, private logs, private repository URLs, email addresses, phone numbers, or machine-specific account data into public issues.
This project is a local triage tool. It does not verify whether a token is valid and does not prove that a package is malicious.
When reporting a finding, include:
- the redacted finding,
- the detection kind,
- the file type or package name,
- the operating system,
- the command used.
Avoid sharing full filesystem paths if they include private names.