Security: LokiQ0713/cc-token-usage

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability, please report it privately:

Please do not open a public issue for security vulnerabilities.

Scope

This is a local CLI tool that analyzes Claude Code session data. Security considerations include:

  • CLI tool — runs locally on your machine
  • npm postinstall — downloads the correct pre-built binary for your platform during npm install

Network Activity

None — this tool makes no network requests. All data is read and processed locally.

File System Access

  • Reads ~/.claude/projects/ — JSONL session files generated by Claude Code
  • Reads ~/.config/cc-token-usage/config.toml — optional user configuration for pricing overrides
  • Writes HTML reports to /tmp/ — temporary dashboard files opened in the browser

No other files or directories are accessed.

Data Collection

None. This tool collects no telemetry, sends no analytics, and phones home to no server. Everything stays on your machine.