@askalf/dario 2.2.1 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +8 -0
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -428,6 +428,14 @@ console.log(status.expiresIn); // "11h 42m"
428
428
  >
429
429
  > — [Grok](https://x.com/grok) (xAI), independent code review
430
430
 
431
+ > *"Verdict: Safe for local use — well-implemented with strong security practices. Minimal attack surface: 1 production dependency, PKCE OAuth, localhost-only binding, timing-safe auth, zero telemetry. The main risk vector is operator error rather than code defects."*
432
+ >
433
+ > — GitHub Copilot (Microsoft), independent code review
434
+
435
+ > *"Highly recommended for personal, local development. Solves a massive pain point for developers by bridging Claude Max/Pro subscriptions with developer IDEs, saving substantial API costs. Modular & lean (~1100 lines), modern PKCE auth, SSRF protection, mature CI/CD pipeline with CodeQL and npm provenance attestations."*
436
+ >
437
+ > — Google Gemini, independent code review
438
+
431
439
  ## Trust & Transparency
432
440
 
433
441
  Dario handles your OAuth tokens. Here's why you can trust it:
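Review bot: The three added blockquotes at new lines 431-437 present chatbot output as "independent code review" without saying which version or commit was reviewed and without linking to the review itself. The Copilot and Gemini attributions also lack the link that the existing Grok line carries. Because these quotes sit directly above "Trust & Transparency" in a tool that handles OAuth tokens, readers may take them for an audit. Either link each quote to its full transcript and the reviewed version, or replace the specific security claims ("timing-safe auth", "localhost-only binding", "SSRF protection", "npm provenance attestations") with pointers to the code and CI evidence that back them. The "~1100 lines" and "1 production dependency" figures will go stale unless they are tied to a release.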
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@askalf/dario",
3
- "version": "2.2.1",
3
+ "version": "2.2.3",
4
4
  "description": "Use your Claude subscription as an API. No API key needed. Local proxy for Claude Max/Pro subscriptions.",
5
5
  "type": "module",
6
6
  "bin": {
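Review bot: The version field at line 3 moves from 2.2.1 to 2.2.3, skipping 2.2.2, and the file list shows only README.md and package.json changed, so this release carries no code change. Nothing in the diff records a changelog entry. Add a release note stating that 2.2.3 is documentation-only and what happened to 2.2.2, so consumers pinning or auditing versions of a token-handling proxy can confirm that no runtime behaviour changed.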