registry  /  bizcoder  /  0.3.77

bizcoder@0.3.77

BizCoder — 기업용 AI 코딩 에이전트 (terminal CLI). 웹과 같은 회사 계정·정책·청구로 묶입니다.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface in the inspected wrapper package. Runtime behavior is limited to user-invoked CLI delegation to a platform optional dependency binary.

Static reason
One or more suspicious static signals were detected.
Trigger
user runs the bizcoder CLI
Impact
executes the selected optional dependency binary with the user's CLI arguments
Mechanism
platform binary delegation via require.resolve and spawnSync
Rationale
The scanner findings map to a normal npm CLI launcher pattern and there is no install-time execution, exfiltration, persistence, destructive behavior, or AI-agent control-surface mutation in the inspected source. The optional dependency binary is outside this extracted package, so this package should not be blocked on the wrapper alone.
Evidence
package.jsonbin/bizcoder.mjsREADME.mdbizcoder-${platform}-${arch}/bin/bizcoder

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for warning
  • bin/bizcoder.mjs uses child_process.spawnSync to execute a platform-specific optional dependency binary.
  • README.md appears copied from OpenCode and includes curl/npm install examples, but README content is not executed by this package.
Evidence against
  • package.json defines no preinstall/install/postinstall or other lifecycle scripts.
  • package.json exposes only the bizcoder bin and optionalDependencies for platform packages at the same version.
  • bin/bizcoder.mjs only require.resolve's bizcoder-${platform}-${arch}/bin/bizcoder and forwards user CLI arguments/stdio.
  • No source reads env secrets, scans files, writes config, mutates AI-agent control surfaces, or performs network requests.
Behavioral surface
Source
ChildProcessShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 866 B of source, external domains: bizcoder.ai

Source & flagged code

2 flagged · loading source
bin/bizcoder.mjsView file
3// optional dependency) and execs it with full stdio passthrough. L4: import { spawnSync } from "node:child_process" L5: import { createRequire } from "node:module"
High
Child Process

Package source references child process execution.

bin/bizcoder.mjsView on unpkg · L3
3// optional dependency) and execs it with full stdio passthrough. L4: import { spawnSync } from "node:child_process" L5: import { createRequire } from "node:module" ... L14: console.error(`BizCoder: 이 플랫폼(${os.platform()}-${os.arch()})용 실행 파일을 찾지 못했어요.`) L15: console.error(`해결: npm install -g bizcoder --force · 안내: https://bizcoder.ai/cli/`) L16: process.exit(1)
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/bizcoder.mjsView on unpkg · L3

Findings

3 High1 Low
HighChild Processbin/bizcoder.mjs
HighShell
HighRuntime Package Installbin/bizcoder.mjs
LowUrl Strings