Well, replit took the initiative to go and make an anti-hack for console repls expect it doesn’t work (me and @InvisibleOne did a little bit of bug hunting to find it). The best you can do is use it to verify the user but otherwise the user can spam requests, automate the game, etc.
I mean, it’s better than it was, but it’s not perfect either.
hmm what changes did they make?!
I mean, last time I worked with it was on the day it came out 
I was creating a JS version of the go lib which created and verified tokens, then I actually found out how insecure it is, and gave it up.
I’m really not part of the active community, but sometime later I saw ppl discussing the vulnerabilities and when I checked it now I see they’ve tried to fix it at least.
they tried to fix it, but as the person who actioned all of it, they have not changed anything other than just saying they will
Well, yeap. Maybe CLI tools were a mistake, but without them you could’ve still done it. Anyways, when they came out I figured I’d just make a lib wrapper for them in JS, and I did.
I did the same for python but then they just made it in python so I stopped