Token Leak via jishaku py about jishaku HOT 1 CLOSED

I have written at length in the past about why the ability to display your token using Jishaku is not a bug. I cannot stop you from intentionally exposing your credentials.

No matter what I patch for, there will always be new avenue that is not covered. If I was to explicitly detect this case, then the next complaint would be that bot.http.token[::-1] is sufficient to rebuild the token - or list(bot.http.token[::-1]). Maybe '_'.join(bot.http.token)? Am I supposed to detect if your token has been put through a Caeser Shift cipher, as well?

Please read the following to get the full spiel on why I won't fix this:
#61 (comment)

The intent of the omission is to avoid mistakes. A developer might choose to evaluate _bot.http.__dict__, or something like their own _bot.config, without thinking or realizing ahead of time that this would expose their token directly. Jishaku is, through omitting the token, attempting to prevent you from doing something you did not intend to do.

A statement as direct as list(bot.http.token) cannot be a mistake. The intent of the developer is clear - and Jishaku trusts that the intent of the developer is genuine. There are way worse things you can do if you intentionally create malicious code.

All of this boils down to:

• Do not write code that does something you do not intend to do. Computers ask no questions.
• Do not run code from people you do not trust, and always audit code to make sure you understand what it is doing before you run it.
• As mentioned in the MIT License, Jishaku comes 'as is', with no warranty. The code you execute with it, and the side effects of such code, are entirely the responsibility of you, the user, and you should use it only with adequate acknowledgement and understanding of this responsibility.

from jishaku.