Security

Repository access should feel clear before signup.

RottenPack uses GitHub access to read dependency manifests and build health reports. The product is designed around read-focused dependency analysis, not repository modification.

Permission summary
The main reason RottenPack asks for the repo scope is package discovery in private repositories. Users should know that before they authorize the app.
GitHub access

What RottenPack needs and why.

OAuth sign-in
GitHub OAuth identifies the user and lets RottenPack connect repositories to the right account.
Private repo reads
The repo scope lets RottenPack read package.json from the private repositories you choose to scan. Note that GitHub's repo scope is not read-only: it grants read and write access to every repository the authorizing account can reach, because OAuth apps have no narrower private-repository read scope.
No repository writes
The product flow does not push commits, open pull requests, or change repository files. That restriction is enforced by how RottenPack uses the token, not by the token itself, so it is still worth checking which scopes the token was actually granted and revoking access once you stop using the product.
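The check a practitioner would want before and after the sign-in above: confirm what the token was actually granted, and start the flow with a state value so the callback cannot be forged. This is an added example, not RottenPack's code. GitHub reports a token's granted scopes in the X-OAuth-Scopes response header of any authenticated API call; the header value, client ID and redirect URI below are constructed sample inputs, and the required-scope set is an assumption based on what this page says RottenPack needs.

```python
"""Audit a GitHub OAuth token's scopes and build a CSRF-safe authorize URL.

Added example (not RottenPack's code). Sample values are constructed.
"""
import secrets
from urllib.parse import urlencode

# Assumption: the only scope RottenPack needs, per this page.
REQUIRED_SCOPES = {"repo"}

# OAuth-app scopes that carry write access. "repo" belongs here: GitHub
# documents it as full read/write on public and private repositories.
WRITE_CAPABLE_SCOPES = {
    "repo", "public_repo", "workflow", "delete_repo", "gist",
    "write:org", "admin:org", "write:packages", "admin:repo_hook",
}


def parse_scopes(header_value):
    """Turn an X-OAuth-Scopes header value ("repo, read:user") into a set."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit_scopes(header_value, required=REQUIRED_SCOPES):
    """Compare granted scopes with the minimum the product says it needs.

    Returns what was granted, what is missing, what is excess, and which
    granted scopes can write, so the caller can decide whether to proceed.
    """
    granted = parse_scopes(header_value)
    return {
        "granted": granted,
        "missing": required - granted,
        "excess": granted - required,
        "write_capable": granted & WRITE_CAPABLE_SCOPES,
    }


def build_authorize_url(client_id, redirect_uri, scopes=REQUIRED_SCOPES):
    """Build the GitHub authorize URL with a fresh random state.

    The state must be stored server-side (session) and compared on the
    callback; a mismatch means the callback was not initiated by us.
    Returns (url, state).
    """
    state = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(sorted(scopes)),
        "state": state,
    }
    return "https://github.com/login/oauth/authorize?" + urlencode(params), state


if __name__ == "__main__":
    # Constructed header value, as GitHub would return it for a token
    # authorized with repo plus read:user.
    report = audit_scopes("repo, read:user")
    print("granted:", sorted(report["granted"]))
    print("excess:", sorted(report["excess"]))
    print("write-capable:", sorted(report["write_capable"]))
    url, state = build_authorize_url("Iv1.example-client-id", "https://example.test/callback")
    print("authorize URL:", url)
```

To get a real header value, make any authenticated call (for example GET https://api.github.com/user with the token) and read X-OAuth-Scopes from the response; the audit report's write_capable set will contain "repo" for any token this product obtains, which is the point of the caveat above.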
Data handling

Keep the security story visible.

Stores connected repository metadata and dependency health results.

Uses GitHub tokens to fetch package manifests for selected repositories.

Lets users disconnect repositories from the dashboard.

RottenPack's access can also be revoked at any time from your GitHub account settings (Settings > Applications > Authorized OAuth Apps); revoking the authorization invalidates the token RottenPack holds.