3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
HighChild Process
Package source references child process execution.
bin/byob.jsView on unpkg · L3 3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
L6: import { createHash, randomBytes } from "node:crypto";
L7: import net from "node:net";
L8: import tls from "node:tls";
...
L15: const PROD_PRIM_URL = "https://prim.api.byob.studio";
L16: const DEFAULT_AIR_URL = process.env.BYOB_AIR_URL || PROD_AIR_URL;
L17: const DEFAULT_PRIM_URL = process.env.BYOB_PRIM_URL || PROD_PRIM_URL;
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/byob.jsView on unpkg · L3 465}
L466: return `${logo}\n\nBuild Your Own Buzz\nhttps://byob.studio\n`;
L467: }
...
L469: function printWizardStep(message) {
L470: process.stdout.write(`\n> ${message}\n`);
L471: }
...
L473: function commandExists(command) {
L474: const result = spawnSync(
L475: process.platform === "win32" ? "where" : "command",
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
bin/byob.jsView on unpkg · L465 3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
L6: import { createHash, randomBytes } from "node:crypto";
L7: import net from "node:net";
L8: import tls from "node:tls";
L9: import dns from "node:dns/promises";
L10: import { dirname, join } from "node:path";
...
L15: const PROD_PRIM_URL = "https://prim.api.byob.studio";
L16: const DEFAULT_AIR_URL = process.env.BYOB_AIR_URL || PROD_AIR_URL;
L17: const DEFAULT_PRIM_URL = process.env.BYOB_PRIM_URL || PROD_PRIM_URL;
L18: const PACKAGE_ROOT = dirname(dirname(fileURLToPath(import.meta.url)));
HighSandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/byob.jsView on unpkg · L3 3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
L6: import { createHash, randomBytes } from "node:crypto";
L7: import net from "node:net";
L8: import tls from "node:tls";
L9: import dns from "node:dns/promises";
L10: import { dirname, join } from "node:path";
...
L15: const PROD_PRIM_URL = "https://prim.api.byob.studio";
L16: const DEFAULT_AIR_URL = process.env.BYOB_AIR_URL || PROD_AIR_URL;
L17: const DEFAULT_PRIM_URL = process.env.BYOB_PRIM_URL || PROD_PRIM_URL;
L18: const PACKAGE_ROOT = dirname(dirname(fileURLToPath(import.meta.url)));
LowWeak Crypto
Package source references weak cryptographic algorithms.
bin/byob.jsView on unpkg · L3