Lines 1-31javascript
2// ============================================================================
3// create-lovable-seo-agent — installer CLI
4// Flow: license prompt → verify → activate → download bundle → extract
5// ============================================================================
6import { createHash } from "node:crypto";
7import { hostname, platform, arch, homedir } from "node:os";
8import { mkdirSync, existsSync, readFileSync, writeFileSync } from "node:fs";
9import { join, resolve } from "node:path";
10import { pipeline } from "node:stream/promises";
11import { Readable } from "node:stream";
12import { spawn } from "node:child_process";
13import prompts from "prompts";
HighChild Process
Package source references child process execution.
bin/index.mjsView on unpkg · L11 14import pc from "picocolors";
15import * as tar from "tar";
18 process.env.LOVABLE_SEO_LICENSE_SERVER ??
19 "https://yntavqukvncoiutdfndd.supabase.co/functions/v1/license-server";
20
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/index.mjsView on unpkg · L11 21const CONFIG_DIR = join(homedir(), ".lovable-seo-agent");
22const CONFIG_FILE = join(CONFIG_DIR, "config.json");
24// ── helpers ────────────────────────────────────────────────────────────────
25function readSavedConfig() {
27 return JSON.parse(readFileSync(CONFIG_FILE, "utf8"));
28 } catch { return {}; }
HighHost Fingerprint Exfiltration
Source collects local host identity data and sends it to an external endpoint.
bin/index.mjsView on unpkg · L11 HighSandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/index.mjsView on unpkg · L11 31function saveConfig(cfg) {