3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
HighChild Process
Package source references child process execution.
bin/byob.jsView on unpkg · L3 3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
L6: import { createHash, randomBytes } from "node:crypto";
L7: import net from "node:net";
L8: import tls from "node:tls";
...
L15: const PROD_PRIM_URL = "https://prim.api.byob.studio";
L16: const DEFAULT_AIR_URL = process.env.BYOB_AIR_URL || PROD_AIR_URL;
L17: const DEFAULT_PRIM_URL = process.env.BYOB_PRIM_URL || PROD_PRIM_URL;
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/byob.jsView on unpkg · L3 696}
L697: return `${logo}\n\nBuild Your Own Buzz\nhttps://byob.studio\n`;
L698: }
...
L700: function printWizardStep(message) {
L701: process.stdout.write(`\n> ${message}\n`);
L702: }
...
L704: function commandExists(command) {
L705: const result = spawnSync(
L706: process.platform === "win32" ? "where" : "command",
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
bin/byob.jsView on unpkg · L696 3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
L6: import { createHash, randomBytes } from "node:crypto";
L7: import net from "node:net";
L8: import tls from "node:tls";
L9: import dns from "node:dns/promises";
L10: import { dirname, join } from "node:path";
...
L15: const PROD_PRIM_URL = "https://prim.api.byob.studio";
L16: const DEFAULT_AIR_URL = process.env.BYOB_AIR_URL || PROD_AIR_URL;
L17: const DEFAULT_PRIM_URL = process.env.BYOB_PRIM_URL || PROD_PRIM_URL;
L18: const PACKAGE_ROOT = dirname(dirname(fileURLToPath(import.meta.url)));
HighSandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/byob.jsView on unpkg · L3 1845'bun --version 2>/dev/null | sed "s/^/bun_version=/" || true',
L1846: "if [ -f package.json ] && command -v node >/dev/null 2>&1; then node -e 'const p=require(\"./package.json\"); console.log(\"package_manager=\"+(p.packageManager||\"\")); console.l...
L1847: ].join(" && ");
MediumDynamic Require
Package source references dynamic require/import behavior.
bin/byob.jsView on unpkg · L1845 3import { createInterface } from "node:readline";
L4: import { spawn, spawnSync } from "node:child_process";
L5: import { chmodSync, copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
L6: import { createHash, randomBytes } from "node:crypto";
L7: import net from "node:net";
L8: import tls from "node:tls";
L9: import dns from "node:dns/promises";
L10: import { dirname, join } from "node:path";
...
L15: const PROD_PRIM_URL = "https://prim.api.byob.studio";
L16: const DEFAULT_AIR_URL = process.env.BYOB_AIR_URL || PROD_AIR_URL;
L17: const DEFAULT_PRIM_URL = process.env.BYOB_PRIM_URL || PROD_PRIM_URL;
L18: const PACKAGE_ROOT = dirname(dirname(fileURLToPath(import.meta.url)));
LowWeak Crypto
Package source references weak cryptographic algorithms.
bin/byob.jsView on unpkg · L3