Is Hakiri being more confusing than useful in this project? #373
gonzalo-bulnes started this conversation in Maintenance
Replies: 1 comment
Any thoughts @Allan-W-Smith?
I enabled Hakiri a long time ago. Hakiri provides monitoring of security vulnerabilities based on a project's Gemfile.

Because Simple Token Authentication is a gem, the Gemfile in the project is only used in the testing environment, which means that security issues, while interesting, wouldn't mean that using the gem would in any way introduce the vulnerabilities in the users' projects.

I decided to use the service thinking that I wouldn't want the gem to constrain a dependency in a way that would prevent it from being updated when needed. If updating the testing environment to make Hakiri green was impossible, that would be a sign that the Simple Token Authentication's gemspec needs updating. So, it is not entirely useless even if the example is contrived.

On the other side, I wonder regularly how misleading the README badge might be and how many people think it talks about the security of the gem (or lack thereof):

I'm tempted to remove the badge (at which point I'd likely disable Hakiri as well because I doubt anyone would remember keeping track of it if it isn't visible anymore).
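The concern raised in the post, that a gemspec constraint could keep users from updating a dependency to a fixed release, can be checked directly with RubyGems' `Gem::Requirement` and `Gem::Version`. This is an added example, not part of the original post and not code from the gem; the dependency names, release lists and advisory ids below are constructed.

```ruby
require "rubygems"

# Constructed sample data, not taken from the discussion or from the gem.
RUNTIME_DEPS = {   # constraints as a gemspec would declare them with add_dependency
  "examplelib" => [">= 3.2", "< 5"],
  "otherlib"   => ["~> 1.4"]
}.freeze

RELEASES = {       # versions published for each dependency
  "examplelib" => %w[4.2.0 4.2.11 5.0.0 5.0.1],
  "otherlib"   => %w[1.4.0 1.4.3 1.5.0]
}.freeze

ADVISORIES = [     # patched: a release matching any one entry contains the fix
  { id: "EXAMPLE-1", gem: "examplelib", patched: [">= 5.0.1"] },
  { id: "EXAMPLE-2", gem: "otherlib",   patched: ["~> 1.4.3", ">= 1.5.0"] }
].freeze

# Build a requirement from a string ("~> 1.4.3, >= 1.4.3.1") or a list of strings.
def requirement(spec)
  Gem::Requirement.new(*Array(spec).flat_map { |s| s.split(/\s*,\s*/) })
end

# Releases that satisfy the gemspec constraint AND contain the fix.
def reachable_fixes(advisory, deps: RUNTIME_DEPS, releases: RELEASES)
  allowed = requirement(deps.fetch(advisory[:gem]))
  patched = advisory[:patched].map { |p| requirement(p) }
  releases.fetch(advisory[:gem]).map { |v| Gem::Version.new(v) }.select do |v|
    allowed.satisfied_by?(v) && patched.any? { |p| p.satisfied_by?(v) }
  end
end

# Advisories whose fix the gemspec constraint puts out of reach for users.
def blocked_advisories(advisories = ADVISORIES, **opts)
  advisories.select { |a| reachable_fixes(a, **opts).empty? }.map { |a| a[:id] }
end

if __FILE__ == $PROGRAM_NAME
  ADVISORIES.each do |a|
    fixes = reachable_fixes(a).map(&:to_s)
    status = fixes.empty? ? "BLOCKED by gemspec constraint" : "fix reachable at #{fixes.join(', ')}"
    puts "#{a[:id]} (#{a[:gem]}): #{status}"
  end
end
```

A blocked advisory here is the case the post describes as a sign that the gemspec needs updating; a vulnerable version that only appears in the gem's own test environment does not show up in this check at all.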