If you discover a security vulnerability in this package, please report it to us.
DO NOT create a public GitHub issue for security vulnerabilities.
Email: support@revenium.io
Please include:
- Package name and version
- Description of the vulnerability
- Steps to reproduce (if applicable)
- Potential impact
- Suggested fix (if available)
We will review and respond to security reports in a timely manner.
When using this CLI tool:
- API Keys: Never commit API keys to version control
- Config Files: The tool stores config with restricted permissions (0o600) in:
- Claude Code:
~/.claude/revenium.env - Gemini CLI:
~/.gemini/revenium.env - Cursor IDE:
~/.cursor/revenium/revenium.env
- Claude Code:
- Network Security: All connections use HTTPS
- Updates: Keep the package updated to the latest version
This tool sends usage telemetry via OTLP format. The data transmitted includes:
- Model used
- Token counts (input, output, cache read, cache creation)
- Cost in USD
- Timestamps
- Cost multiplier (subscription tier)
- Email (when configured by the user for attribution)
- Organization and product name (when configured)
For Cursor IDE specifically, additional billing metadata is included (token fee, request costs, billing kind).
No conversation content is transmitted.