RADIOCLI

Privacy And Security

Local-first data behavior, opt-in location lookup, and vulnerability reporting.

RadioCLI does not require secrets or accounts.

Privacy Notes

  • Nearby station discovery is off by default.
  • Location lookup uses approximate IP-based location from ipapi.co only when enabled.
  • Explore uses only the cursor coordinate you move in the terminal.
  • Recents, favorites, settings, imports, listening activity, and provider cache data are stored locally on your machine.
  • RadioCLI does not proxy audio. It resolves public stream URLs and hands playback to mpv, ffplay, or the experimental macOS AirPlay worker.
  • AirPlay discovery uses Bonjour on your local network. AirPlay streaming runs through a local worker and the bundled sender bridge.

Location Lookup

Nearby stations are useful, but IP-based location lookup is privacy-sensitive. RadioCLI requires explicit opt-in through Settings or :location on. When it is enabled, RadioCLI requests an approximate location from ipapi.co and uses the returned city, region, country, latitude, and longitude to sort the local geotagged station atlas.

Reporting Security Issues

Open a private security advisory on GitHub:

https://github.com/Ciphore/RadioCLI/security/advisories

Please avoid filing public issues for vulnerabilities that could expose local files, private network information, or unexpected command execution.

If private reporting is unavailable, open a minimal public issue asking for a private disclosure path, but do not include exploit details.

Supported Versions

Until a tagged release cadence is established, security fixes target the active development branch and the latest public npm release.

Related reading: Reliability and Contributing.

Reliability

How RadioCLI handles ordinary internet-radio failure modes.

Contributing

Setup, verification, development principles, and issue triage.

On this page

Privacy NotesLocation LookupReporting Security IssuesSupported Versions