gh-issue-tracker 1.0.0 → 1.1.2

package/README.md

@@ -53,7 +53,7 @@ try {
 | `githubRepo` | `string` | — | **Required.** Repository in `owner/repo` format |
 | `environment` | `string` | `"development"` | Environment name shown in issue body |
 | `labels` | `string[]` | `[]` | Additional labels applied to every issue |
-| `enabled` | `boolean` | `true` | Kill switch to disable tracking |
+| `enabled` | `boolean` | `true` | Kill switch. Use `enabled: !!process.env.GITHUB_TOKEN` to auto-disable when no token is set (e.g., local dev) |
 | `onError` | `(err) => void` | `console.error` | Called when the GitHub API fails |
 | `rateLimitPerMinute` | `number` | `10` | Max new issues created per minute |
 | `dedupeWindowMs` | `number` | `60000` | Suppress same fingerprint within this window (ms) |
@@ -117,6 +117,7 @@ interface ErrorContext {
 | **Next.js (client errors)** | [`examples/nextjs-error-proxy/`](examples/nextjs-error-proxy/) | Proxy endpoint for browser error boundaries |
 | **Next.js (error UI)** | [`examples/nextjs-error-boundaries/`](examples/nextjs-error-boundaries/) | `error.tsx` and `global-error.tsx` components |
 | **Express** | [`examples/express-middleware/`](examples/express-middleware/) | Error handler middleware |
+| **Standalone proxy** | [`proxy/`](proxy/) | Deploy-once Cloudflare Worker or Vercel Function |
 
 ### Full Next.js setup (recommended)
 
@@ -137,6 +138,43 @@ For complete Next.js coverage, combine all three Next.js examples:
 
 > For classic tokens, the `repo` scope works but grants broader access than needed.
 
+## Security
+
+**The `GITHUB_TOKEN` must NEVER reach the browser.** This token has write access to your repository's issues. If exposed in a client-side JavaScript bundle, anyone can extract it from DevTools and create/modify/close issues in your repo.
+
+### The rule
+
+`gh-issue-tracker` is a **server-side only** package. Never import it in client components, browser code, or any code that gets bundled for the browser.
+
+### Capturing client-side errors safely
+
+Browser errors need a **proxy** between the browser and the GitHub API:
+
+```
+Browser error boundary
+  → POST { message, stack, url } to YOUR server
+  → Your server calls captureException() with GITHUB_TOKEN
+  → GitHub Issues API
+```
+
+Three options for the proxy:
+
+| Option | Best for | Setup |
+|--------|----------|-------|
+| **In-app API route** | Single app, custom logic | [`examples/nextjs-error-proxy/`](examples/nextjs-error-proxy/) |
+| **Cloudflare Worker** | Multi-app, global edge | [`proxy/cloudflare-worker/`](proxy/cloudflare-worker/) |
+| **Vercel Function** | Multi-app, Vercel users | [`proxy/vercel-function/`](proxy/vercel-function/) |
+
+The standalone proxies in `proxy/` are deploy-once solutions — they hold the secret so your apps don't have to.
+
+### Security checklist
+
+- [ ] `GITHUB_TOKEN` is NOT prefixed with `NEXT_PUBLIC_` or `VITE_`
+- [ ] `gh-issue-tracker` is NOT imported in any `'use client'` component
+- [ ] `.env` files are in `.gitignore`
+- [ ] If using client error capture, the proxy has origin allowlist + rate limiting
+- [ ] GitHub PAT uses fine-grained permissions (Issues only, single repo)
+
 ## GitHub Issue structure
 
 Issues created by the tracker look like this:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gh-issue-tracker",
-  "version": "1.0.0",
+  "version": "1.1.2",
   "description": "Lightweight error tracking that creates GitHub Issues instead of sending to SaaS. Deduplication, fingerprinting, and rate limiting built-in.",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -35,7 +35,7 @@
   ],
   "license": "MIT",
   "engines": {
-    "node": ">=18"
+    "node": ">=20"
   },
   "dependencies": {
     "octokit": "^4.1.2"
@@ -45,5 +45,9 @@
     "tsup": "^8.0.0",
     "typescript": "^5.7.2",
     "vitest": "^4.0.16"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/zot24/gh-issue-tracker.git"
   }
 }