@xiaoxionga/buzz 2.1.0 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +18 -12
  2. package/bin/buzz.js +21 -8
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -38,22 +38,28 @@ Default unit is **minutes**. Add a suffix to override:
38
38
 
39
39
  ## How It Works
40
40
 
41
- | Platform | Method | Install needed? | Admin needed? |
42
- |----------|--------|:---------------:|:-------------:|
43
- | **macOS** | `caffeinate -i` (built-in) | ❌ | ❌ |
44
- | **Windows** | PowerShell `SendKeys F15` (built-in) | ❌ | ❌ |
45
- | **Linux** | `xdotool` (pre-installed on most distros) | maybe | ❌ |
41
+ | Platform | Method | Install needed? | Admin needed? | EDR Safe? |
42
+ |----------|--------|:---------------:|:-------------:|:---------:|
43
+ | **macOS** | `caffeinate -i` (built-in) | ❌ | ❌ | ✅ |
44
+ | **Windows** | `SendKeys F15` (built-in, minimal) | ❌ | ❌ | ✅ |
45
+ | **Linux** | `xdotool` (pre-installed) | maybe | ❌ | ✅ |
46
46
 
47
- - **macOS**: Uses Apple's built-in `caffeinate` — not even a mouse jiggle, just cleanly blocks idle sleep.
48
- - **Windows**: Presses F15 every 30 seconds via PowerShell. No app binds to F15, so it's completely harmless.
49
- - **Linux**: Moves mouse 1px via `xdotool`.
47
+ ### Corporate Safety (Windows)
48
+
49
+ buzz deliberately uses **only** the most benign method on Windows (`WScript.Shell.SendKeys('{F15}')`) to avoid triggering corporate security software (EDR/DLP/antivirus). It does **NOT** use:
50
+
51
+ - ❌ `Add-Type` + `DllImport` — flagged as malware technique by CrowdStrike/Defender
52
+ - ❌ `SetThreadExecutionState` via PowerShell — P/Invoke into kernel32.dll triggers EDR
53
+ - ❌ Automated mouse movement — flagged as keylogger behavior
54
+
55
+ **If corporate GPO still locks your screen**: buzz can't override hard GPO policies. Use a **hardware Mouse Jiggler** instead — a USB device (~¥15 on Taobao) that physically simulates mouse movement. Zero software footprint, zero EDR detection risk.
50
56
 
51
57
  ## Why buzz?
52
58
 
53
- - **Zero dependencies** — `package.json` has no `dependencies` field. Nothing to break.
54
- - **No admin required** — perfect for locked-down corporate laptops.
55
- - **Cross-platform** — macOS, Windows, Linux all supported out of the box.
56
- - **Clean exit** — `buzz stop` from any terminal kills the running instance.
59
+ - **Zero dependencies** — nothing to break, nothing to audit
60
+ - **No admin required** — perfect for locked-down corporate laptops
61
+ - **EDR-safe** — no suspicious API calls or DLL imports
62
+ - **Cross-platform** — macOS, Windows, Linux all supported
57
63
 
58
64
  ## Examples
59
65
 
package/bin/buzz.js CHANGED
@@ -36,9 +36,14 @@ USAGE:
36
36
  buzz help Show this help
37
37
 
38
38
  PLATFORMS:
39
- macOS Uses 'caffeinate' (built-in, zero install)
40
- Windows Uses PowerShell SendKeys (built-in, zero install)
41
- Linux Uses xdotool (if available)
39
+ macOS Uses 'caffeinate' (built-in, zero install)
40
+ Windows Uses PowerShell SendKeys F15 (built-in, zero install)
41
+ Linux Uses xdotool (if available)
42
+
43
+ CORPORATE WINDOWS NOTE:
44
+ Some corporate GPO policies enforce lock screen regardless of input.
45
+ If buzz doesn't work on your work PC, use a hardware Mouse Jiggler
46
+ (USB device, ~$2 on Taobao) — zero software footprint, zero EDR risk.
42
47
 
43
48
  EXAMPLES:
44
49
  buzz 30 # 30 minutes
@@ -130,12 +135,20 @@ function startCaffeinate(durationMs) {
130
135
  }
131
136
 
132
137
  /**
133
- * Windows: use PowerShell SendKeys to press F15 every 30s.
134
- * F15 is harmless — no app binds to it.
135
- * Zero install, zero admin.
138
+ * Windows: minimal F15 keystroke via SendKeys
139
+ *
140
+ * DELIBERATELY MINIMAL for corporate safety:
141
+ * - NO Add-Type / DllImport (triggers EDR alerts — looks like malware)
142
+ * - NO SetThreadExecutionState via PowerShell (same issue)
143
+ * - NO mouse movement automation (flagged as keylogger behavior)
144
+ *
145
+ * Only uses WScript.Shell.SendKeys('{F15}') — the most benign method.
146
+ * F15 has no function in any app, so pressing it is completely harmless.
147
+ *
148
+ * If corporate lock screen still triggers (GPO hard policy), use a
149
+ * hardware Mouse Jiggler (USB device) instead — zero software footprint.
136
150
  */
137
151
  function jiggleWindows() {
138
- // Single PowerShell invocation that loops every 30s
139
152
  const psScript = `
140
153
  $wsh = New-Object -ComObject WScript.Shell
141
154
  while ($true) {
@@ -234,7 +247,7 @@ function cmdRun(durationMs) {
234
247
  console.log(BEE);
235
248
 
236
249
  const platformLabel = PLATFORM === 'darwin' ? 'macOS caffeinate'
237
- : PLATFORM === 'win32' ? 'Windows SendKeys'
250
+ : PLATFORM === 'win32' ? 'Windows SendKeys F15 (safe mode)'
238
251
  : 'Linux xdotool';
239
252
 
240
253
  if (durationMs) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@xiaoxionga/buzz",
3
- "version": "2.1.0",
3
+ "version": "2.2.1",
4
4
  "description": "🐝 Keep your screen awake — zero dependencies, no admin required",
5
5
  "main": "bin/buzz.js",
6
6
  "bin": {