[iatek]

Thanks for the feedback. This is how the auth scopes are defined for the GH API. Anything less wouldn't allow it to pull the repo info when using http://icodedis.tool.cards/#/submit

[transitivebs]

I've used the GH API extensively, and this is a common misconception. The default (no scope) allows you to access public repository info (source: https://developer.github.com/apps/building-oauth-apps/unders...).

This GH app, for instance, received similar feedback and its author removed the offending scopes without losing functionality: https://news.ycombinator.com/item?id=11261953

[iatek]

Isn't this app reading the trending repos feed? I don't see where it pulls specific repo details. Anyway, I'll explore the default scope again.

[wintron]

Hey! So, this project looks really interesting. I work at GitHub on the Partner Engineering team, we'd be happy to help guide your implementation to follow our best practices and help drive its success. Feel free to reach us at partnerengineering@github.com!

[bovermyer]

This is why I love HN.

[joeblau]

I would definitely love to use this after you've made updates to the ACL. Could you please post a follow up when you've accomplished that.