registry  /  bizcoder  /  0.3.63

bizcoder@0.3.63

BizCoder — 기업용 AI 코딩 에이전트 (terminal CLI). 웹과 같은 회사 계정·정책·청구로 묶입니다.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time behavior in this package. The CLI launcher delegates to a package-owned platform optional dependency only when the user runs bizcoder.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the bizcoder CLI.
Impact
Runs the selected bizcoder optional dependency binary with user-provided arguments; no source-level exfiltration or persistence shown.
Mechanism
Platform binary launcher via spawnSync
Rationale
Source inspection shows a conventional npm wrapper for platform-specific binaries and no lifecycle hooks or concrete attack chain. The suspicious install and shell hints are explained by documentation text and user-invoked child_process delegation.
Evidence
package.jsonbin/bizcoder.mjsREADME.md

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bin/bizcoder.mjs uses spawnSync to execute a platform-specific optional dependency binary on CLI invocation.
  • README.md is copied from OpenCode and advertises curl/bash install commands for opencode.ai, not bizcoder.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • bin/bizcoder.mjs only resolves bizcoder-${platform}-${arch}/bin/bizcoder and passes user CLI args with inherited stdio.
  • No credential harvesting, filesystem traversal, env scraping, eval/vm, persistence, or AI-agent config mutation found in packaged source.
  • The scanner's package install signal is only an error/help string, not executed package-manager code.
Behavioral surface
Source
ChildProcessShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 866 B of source, external domains: bizcoder.ai

Source & flagged code

2 flagged · loading source
bin/bizcoder.mjsView file
3// optional dependency) and execs it with full stdio passthrough. L4: import { spawnSync } from "node:child_process" L5: import { createRequire } from "node:module"
High
Child Process

Package source references child process execution.

bin/bizcoder.mjsView on unpkg · L3
3// optional dependency) and execs it with full stdio passthrough. L4: import { spawnSync } from "node:child_process" L5: import { createRequire } from "node:module" ... L14: console.error(`BizCoder: 이 플랫폼(${os.platform()}-${os.arch()})용 실행 파일을 찾지 못했어요.`) L15: console.error(`해결: npm install -g bizcoder --force · 안내: https://bizcoder.ai/cli/`) L16: process.exit(1)
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/bizcoder.mjsView on unpkg · L3

Findings

3 High1 Low
HighChild Processbin/bizcoder.mjs
HighShell
HighRuntime Package Installbin/bizcoder.mjs
LowUrl Strings