// pypi package
byn
Name reserved for byn — a local-first secure secrets vault & credential manager (a Go CLI). Install via `go install`, Homebrew, or https://github.com/sandeepbaynes/byn.
versions
1
maintainers
1
first publish
2026-06-04
publisher
Sandeep Baynes
tarball
1,815 B
AUTO-PUBLISHED · 1 version indexed · latest publish: 2026-06-04
// exfil path
what is read → where it ships
steals
(no specific credential-read flag matched)
sends to
- ⚙ curl | bash (fetches + executes remote payload)
// offending code · @0.0.1 · 1 file flagged
llm: malicious · 0.95 → The static analyzer detected the curl-pipe-bash pattern; a remote-code-execution form appears as-is in the install path.
- @0.0.1 · AUTO-PUBLISHED · publisher: Sandeep Baynes · heuristic 55/100 · static flags 1 · llm malicious (0.95) via fast-track · pypi-sdist-setup-py · new-publisher:0d · first-version-of-package · first-version-suspicious-publisher · has-source-repo · curl-pipe-bash
// offending code · 1 file flagged · patterns: 1
--- byn-0.0.1/byn/__init__.py (excerpt) ---

```python
"""byn — name reservation on PyPI.

byn is a Go CLI (a local-first secure secrets vault and credential manager),
not a Python package. This distribution only reserves the name.

Install the real byn:

    go install github.com/sandeepbaynes/byn/cmd/byn@latest
    brew install sandeepbaynes/tap/byn
    curl -fsSL https://raw.githubusercontent.com/sandeepbaynes/byn/main/install.sh | sh

Homepage: https://github.com/sandeepbaynes/byn
"""

__version__ = "0.0.1"
HOMEPAGE = "https://github.com/sandeepbaynes/byn"
```
