{"id":13540331,"url":"https://github.com/orlikoski/CyLR","last_synced_at":"2025-04-02T07:30:52.367Z","repository":{"id":10949732,"uuid":"67550752","full_name":"orlikoski/CyLR","owner":"orlikoski","description":"CyLR - Live Response Collection Tool","archived":false,"fork":false,"pushed_at":"2022-06-01T23:24:42.000Z","size":11894,"stargazers_count":640,"open_issues_count":21,"forks_count":89,"subscribers_count":32,"default_branch":"main","last_synced_at":"2024-11-03T05:32:41.022Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/orlikoski.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-09-06T22:14:44.000Z","updated_at":"2024-11-02T20:52:21.000Z","dependencies_parsed_at":"2022-08-25T23:22:23.262Z","dependency_job_id":null,"html_url":"https://github.com/orlikoski/CyLR","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orlikoski%2FCyLR","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orlikoski%2FCyLR/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orlikoski%2FCyLR/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orlikoski%2FCyLR/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/orlikoski","download_url":"https://codeload.github.com/orlikoski/CyLR/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246774265,"owners_count":20831500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:46.938Z","updated_at":"2025-04-02T07:30:47.398Z","avatar_url":"https://github.com/orlikoski.png","language":"C#","funding_links":[],"categories":["IR Tools Collection","Tools","\u003ca id=\"e1fc1d87056438f82268742dc2ba08f5\"\u003e\u003c/a\u003e事件响应\u0026\u0026取证\u0026\u0026内存取证\u0026\u0026数字取证","4. [↑](#-content) Forensic \u0026 Malware Analysis"],"sub_categories":["Evidence Collection","Binary files examination and editing","\u003ca id=\"d0f59814394c5823210aa04a8fcd1220\"\u003e\u003c/a\u003e事件响应\u0026\u0026IncidentResponse","4.1 [↑](#-content) Forensic"],"readme":"# CyLR\n\n[![Build Status](https://travis-ci.com/orlikoski/CyLR.svg?branch=main)](https://travis-ci.com/orlikoski/CyLR)\n\nCyLR — Live Response Collection tool by Alan Orlikoski and Jason Yegge\n\n## Please Read\n\n[Open Letter to the users of Skadi, CyLR, and CDQR](https://docs.google.com/document/d/1L6CBvFd7d1Qf4IxSJSdkKMTdbBuWzSzUM3u_h5ZCegY/edit?usp=sharing)\n\n## Videos and Media\n\n* [OSDFCON 2017](http://www.osdfcon.org/presentations/2017/Asif-Matadar_Rapid-Incident-Response.pdf)\n  Slides: Walk-through different techniques that are required to provide\n  forensics results for Windows and *nix environments (Including CyLR and CDQR)\n\n## What is CyLR\n\nThe CyLR tool collects forensic artifacts from hosts with NTFS file systems\nquickly, securely and minimizes impact to the host.\n\nThe main features are:\n\n* Quick collection (it's really fast)\n* Raw file collection process does not use Windows API\n* Collection of key artifacts by default.\n* Ability to specify custom targets for collection.\n* Acquisition of special and in-use files, including alternate data streams,\n  system files, and hidden files.\n* Glob and regular expression patterns are available to specify custom targets.\n* Data is collected into a zip file, allowing the user to modify the compression\n  level, set an archive password, and file name.\n* Specification of a SFTP destination for the file archive.\n\nCyLR uses .NET Core and runs natively on Windows, Linux, and MacOS. Self\ncontained applications for the following are included in releases for\nversion 2.0 and higher.\n\n* Windows x86\n* Windows x64\n* Linux x64\n* MacOS x64\n\n## SYNOPSIS\n\nBelow is the output of CyLR:\n\n```text\n$ CyLR -h\nCyLR Version 2.2.0.0\n\nUsage: CyLR [Options]... [Files]...\n\nThe CyLR tool collects forensic artifacts from hosts with NTFS file systems\nquickly, securely and minimizes impact to the host.\n\nThe available options are:\n-od\n        Defines the directory that the zip archive will be created in.\n        Defaults to current working directory.\n        Usage: -od \u003cdirectory path\u003e\n-of\n        Defines the name of the zip archive will be created. Defaults to\n        host machine's name.\n        Usage: -of \u003carchive name\u003e\n-c\n        Optional argument to provide custom list of artifact files and\n        directories (one entry per line). NOTE: Please see\n        CUSTOM_PATH_TEMPLATE.txt for sample.\n        Usage: -c \u003cpath to config file\u003e\n-d\n        Same as '-c' but will collect default paths included in CyLR in\n        addition to those specified in the provided config file.\n        Usage: -d \u003cpath to config file\u003e\n-u\n        SFTP username\n        Usage: -u \u003csftp-username\u003e\n-p\n        SFTP password\n        Usage: -p \u003cpassword\u003e\n-s\n        SFTP Server resolvable hostname or IP address and port. If no port\n        is given then 22 is used by default.  Format is \u003cserver name\u003e:\u003cport\u003e\n        Usage: -s \u003cip\u003e:\u003cport\u003e\n-os\n        Defines the output directory on the SFTP server, as it may be a\n        different location than the ZIP generate on disk. Can be full or\n        relative path.\n        Usage: -os \u003cdirectory path\u003e\n-zp\n        If specified, the resulting zip file will be password protected\n        with this password.\n        Usage: -zp \u003cpassword\u003e\n-zl\n        Uses a number between 1-9 to change the compression level\n        of the archive file. Defaults to 3\n        Usage: -zl \u003c0-9\u003e\n--no-sftpcleanup\n        Disables the removal of the .zip file used for collection after\n        uploading to the SFTP server. Only applies if SFTP option is enabled.\n        Usage: --no-sftpcleanup\n--dry-run\n        Collect artifacts to a virtual zip archive, but does not send\n        or write to disk.\n--force-native\n        Uses the native file system instead of a raw NTFS read. Unix-like\n        environments always use this option.\n--usnjrnl\n        Enables collecting $UsnJrnl\n-l\n        Sets the file path to write log messages to. Defaults to ./CyLR.log\n        Usage: -l CyLR_run.log\n-q\n        Disables logging to the console and file.\n        Usage: -q\n-v\n        Increases verbosity of the console log. By default the console\n        only shows information or greater events and the file log shows\n        all entries. Disabled when `-q` is used.\n        Usage: -v\n```\n\n## Default Collection Paths\n\nCyLR tool collects forensic artifacts from hosts with NTFS file systems\nquickly, securely and minimizes impact to the host. All collection paths are\ncase-insensitive.\n\n**Note:** See CollectionPaths.cs for a full list of default files collected and\nfor the underlying patterns used for collection. You can easily extend this list\nthrough the use of patterns as shown in CUSTOM_PATH_TEMPLATE.txt or by opening\na pull request.\n\nThe standard list of collected artifacts are as follows.\n\n### Windows\n\nSystem Root (ie `C:\\Windows`):\n\n* `%SYSTEMROOT%\\Tasks\\**`\n* `%SYSTEMROOT%\\Prefetch\\**`\n* `%SYSTEMROOT%\\System32\\sru\\**`\n* `%SYSTEMROOT%\\System32\\winevt\\Logs\\**`\n* `%SYSTEMROOT%\\System32\\Tasks\\**`\n* `%SYSTEMROOT%\\System32\\Logfiles\\W3SVC1\\**`\n* `%SYSTEMROOT%\\Appcompat\\Programs\\**`\n* `%SYSTEMROOT%\\SchedLgU.txt`\n* `%SYSTEMROOT%\\inf\\setupapi.dev.log`\n* `%SYSTEMROOT%\\System32\\drivers\\etc\\hosts`\n* `%SYSTEMROOT%\\System32\\config\\SAM`\n* `%SYSTEMROOT%\\System32\\config\\SOFTWARE`\n* `%SYSTEMROOT%\\System32\\config\\SECURITY`\n* `%SYSTEMROOT%\\System32\\config\\SOFTWARE`\n* `%SYSTEMROOT%\\System32\\config\\SAM.LOG1`\n* `%SYSTEMROOT%\\System32\\config\\SOFTWARE.LOG1`\n* `%SYSTEMROOT%\\System32\\config\\SECURITY.LOG1`\n* `%SYSTEMROOT%\\System32\\config\\SOFTWARE.LOG1`\n* `%SYSTEMROOT%\\System32\\config\\SAM.LOG2`\n* `%SYSTEMROOT%\\System32\\config\\SOFTWARE.LOG2`\n* `%SYSTEMROOT%\\System32\\config\\SECURITY.LOG2`\n* `%SYSTEMROOT%\\System32\\config\\SOFTWARE.LOG2`\n\nProgram Data (ie `C:\\ProgramData`):\n\n* `%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\**`\n\nDrive Root (ie `C:\\`)\n\n* `%SYSTEMDRIVE%\\$Recycle.Bin\\**\\$I*`\n* `%SYSTEMDRIVE%\\$Recycle.Bin\\$I*`\n* `%SYSTEMDRIVE%\\$LogFile`\n* `%SYSTEMDRIVE%\\$MFT`\n\nUser Profiles (ie `C:\\Users\\*`):\n\n* `C:\\Users\\*\\NTUser.DAT`\n* `C:\\Users\\*\\NTUser.DAT.LOG1`\n* `C:\\Users\\*\\NTUser.DAT.LOG2`\n* `C:\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\**`\n* `C:\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadline\\ConsoleHost_history.txt`\n* `C:\\Users\\*\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\**`\n* `C:\\Users\\*\\AppData\\Local\\Microsoft\\Windows\\WebCache\\**`\n* `C:\\Users\\*\\AppData\\Local\\Microsoft\\Windows\\Explorer\\**`\n* `C:\\Users\\*\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat`\n* `C:\\Users\\*\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1`\n* `C:\\Users\\*\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2`\n* `C:\\Users\\*\\AppData\\Local\\ConnectedDevicesPlatform\\**`\n* `C:\\Users\\*\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History\\**`\n* `C:\\Users\\*\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\History\\**`\n\n### macOS\n\n**Note**: Modern macOS systems have functionality that will prompt the user to\napprove on a per-application basis, access to sensitive locations on a system.\nThis can be overridden through modifying the System Preferences to give the CyLR\nbinary and it's parent process (such as Terminal) full disk access.\n\nSystem paths:\n\n* `/etc/hosts.allow`\n* `/etc/hosts.deny`\n* `/etc/hosts`\n* `/etc/passwd`\n* `/etc/group`\n* `/etc/rc.d/**`\n* `/var/log/**`\n* `/private/etc/rc.d/**`\n* `/private/etc/hosts.allow`\n* `/private/etc/hosts.deny`\n* `/private/etc/hosts`\n* `/private/etc/passwd`\n* `/private/etc/group`\n* `/private/var/log/**`\n* `/System/Library/StartupItems/**`\n* `/System/Library/LaunchAgents/**`\n* `/System/Library/LaunchDaemons/**`\n* `/Library/StartupItems/**`\n* `/Library/LaunchAgents/**`\n* `/Library/LaunchDaemons/**`\n* `/.fseventsd/**`\n\nLibraries paths:\n\n* `**/Library/*Support/Google/Chrome/Default/*`\n* `**/Library/*Support/Google/Chrome/Default/History*`\n* `**/Library/*Support/Google/Chrome/Default/Cookies*`\n* `**/Library/*Support/Google/Chrome/Default/Bookmarks*`\n* `**/Library/*Support/Google/Chrome/Default/Extensions/**`\n* `**/Library/*Support/Google/Chrome/Default/Extensions/Last*`\n* `**/Library/*Support/Google/Chrome/Default/Extensions/Shortcuts*`\n* `**/Library/*Support/Google/Chrome/Default/Extensions/Top*`\n* `**/Library/*Support/Google/Chrome/Default/Extensions/Visited*`\n\nUser paths:\n\n* `/root/.*history`\n* `/Users/*/.*history`\n\nOther Paths:\n\n* `**/places.sqlite*`\n* `**/downloads.sqlite*`\n\n### Linux\n\nSystem Paths:\n\n* `/etc/hosts.allow`\n* `/etc/hosts.deny`\n* `/etc/hosts`\n* `/etc/passwd`\n* `/etc/group`\n* `/etc/crontab`\n* `/etc/cron.allow`\n* `/etc/cron.deny`\n* `/etc/anacrontab`\n* `/etc/apt/sources.list`\n* `/etc/apt/trusted.gpg`\n* `/etc/apt/trustdb.gpg`\n* `/etc/resolv.conf`\n* `/etc/fstab`\n* `/etc/issues`\n* `/etc/issues.net`\n* `/etc/insserv.conf`\n* `/etc/localtime`\n* `/etc/timezone`\n* `/etc/pam.conf`\n* `/etc/rsyslog.conf`\n* `/etc/xinetd.conf`\n* `/etc/netgroup`\n* `/etc/nsswitch.conf`\n* `/etc/ntp.conf`\n* `/etc/yum.conf`\n* `/etc/chrony.conf`\n* `/etc/chrony`\n* `/etc/sudoers`\n* `/etc/logrotate.conf`\n* `/etc/environment`\n* `/etc/hostname`\n* `/etc/host.conf`\n* `/etc/fstab`\n* `/etc/machine-id`\n* `/etc/screen-rc`\n* `/etc/rc.d/**`\n* `/etc/cron.daily/**`\n* `/etc/cron.hourly/**`\n* `/etc/cron.weekly/**`\n* `/etc/cron.monthly/**`\n* `/etc/modprobe.d/**`\n* `/etc/modprobe-load.d/**`\n* `/etc/*-release`\n* `/etc/pam.d/**`\n* `/etc/rsyslog.d/**`\n* `/etc/yum.repos.d/**`\n* `/etc/init.d/**`\n* `/etc/systemd.d/**`\n* `/etc/default/**`\n* `/var/log/**`\n* `/var/spool/at/**`\n* `/var/spool/cron/**`\n* `/var/spool/anacron/cron.daily`\n* `/var/spool/anacron/cron.hourly`\n* `/var/spool/anacron/cron.weekly`\n* `/var/spool/anacron/cron.monthly`\n* `/boot/grub/grub.cfg`\n* `/boot/grub2/grub.cfg`\n* `/sys/firmware/acpi/tables/DSDT`\n\nUser paths:\n\n* `/root/.*history`\n* `/root/.*rc`\n* `/root/.*_logout`\n* `/root/.ssh/config`\n* `/root/.ssh/known_hosts`\n* `/root/.ssh/authorized_keys`\n* `/root/.selected_editor`\n* `/root/.viminfo`\n* `/root/.lesshist`\n* `/root/.profile`\n* `/root/.selected_editor`\n* `/home/*/.*history`\n* `/home/*/.ssh/known_hosts`\n* `/home/*/.ssh/config`\n* `/home/*/.ssh/autorized_keys`\n* `/home/*/.viminfo`\n* `/home/*/.profile`\n* `/home/*/.*rc`\n* `/home/*/.*_logout`\n* `/home/*/.selected_editor`\n* `/home/*/.wget-hsts`\n* `/home/*/.gitconfig`\n* `/home/*/.mozilla/firefox/*.default*/**/*.sqlite*`\n* `/home/*/.mozilla/firefox/*.default*/**/*.json`\n* `/home/*/.mozilla/firefox/*.default*/**/*.txt`\n* `/home/*/.mozilla/firefox/*.default*/**/*.db*`\n* `/home/*/.config/google-chrome/Default/History*`\n* `/home/*/.config/google-chrome/Default/Cookies*`\n* `/home/*/.config/google-chrome/Default/Bookmarks*`\n* `/home/*/.config/google-chrome/Default/Extensions/**`\n* `/home/*/.config/google-chrome/Default/Last*`\n* `/home/*/.config/google-chrome/Default/Shortcuts*`\n* `/home/*/.config/google-chrome/Default/Top*`\n* `/home/*/.config/google-chrome/Default/Visited*`\n* `/home/*/.config/google-chrome/Default/Preferences*`\n* `/home/*/.config/google-chrome/Default/Login Data*`\n* `/home/*/.config/google-chrome/Default/Web Data*`\n\n## DEPENDENCIES\n\nIn general: some kind of administrative rights on the target (root, sudo,\nadministrator,...).\n\nCyLR now uses .NET Core and now runs natively on Windows, Linux, and MacOS as\na .NET Core app or a self contained executable through the\n[warp packer](https://github.com/dgiagio/warp)\nAs a note, the package script will download the warp packer to generate a\nsingle binary with the CyLR resources and full CLR runtime for portability.\nThis means that the binary will unpack in a temporary location for execution.\nAccording to the warp documentation, these locations are:\n\nPackages cache location:\n\n* Linux: `$HOME/.local/share/warp/packages`\n* macOS: `$HOME/Library/Application Support/warp/packages`\n* Windows: `%LOCALAPPDATA%\\warp\\packages`\n\nRunners cache location:\n\n* Linux: `$HOME/.local/share/warp/runners`\n* macOS: `$HOME/Library/Application Support/warp/runners`\n* Windows: `%LOCALAPPDATA%\\warp\\runners`\n\nThese caches are only created on first execution or when the packed binary is\nupdated.\n\n## EXAMPLES\n\n### Standard collection\n\n```text\nCyLR.exe\n```\n\n### Linux/macOS collection\n\n```text\n./CyLR\n```\n\n### Collect artifacts and store data in \"C:\\Temp\\LRData\"\n\n```text\nCyLR.exe -od \"C:\\Temp\\LRData\"\n```\n\n### Collect artifacts and store data in \".\\LRData\"\n\n```text\nCyLR.exe -od LRData\n```\n\n### Disable log file\n\n```text\nCyLR.exe -q\n```\n\n### Collect artifacts and send data to SFTP server 8.8.8.8\n\n```text\nCyLR.exe -u username -p password -s 8.8.8.8\n```\n\n### Collect to another folder and filename\n\n```text\nCyLR -od data -of important-data.zip\n```\n\n### Collect USN $J Journal\n\n```text\nCyLR --usnjrnl\n```\n\n### Collect custom list of artifacts from a file containing paths\n\nThe sample `custom.txt`, requires a **tab delimiter** between pattern\ndefinition and pattern. Lines starting with `#` will be ignored:\n\n```text\n# Static paths are fixed, case-insensitive paths to compare\n# against files found on a system. This is the fastest search\n# method available, please use when possible.\n#\nstatic  C:\\Windows\\System32\\Config\\SAM\n#\n# Glob paths leverage glob patterns specified at\n# `https://github.com/dazinator/DotNet.Glob`. This is faster than RegEx and\n# should be favored unless more complex patterns are required. Useful for\n# scanning for files by name or extension recursively. Also useful for\n# collecting a folder recursively.\n#\nglob    **\\malware.exe\n#\n# Regex paths leverage the .NET Regex capabilities and will search for\n# specified patterns across accessible files. This is the slowest option and\n# should be saved for unique use cases that are not supported by globbing.\n#\nregex   .*\\Windows\\Temp\\[a-z]{8}\\+*\n```\n\nThis can then be supplied to CyLR for a custom collection of just these paths:\n\n```text\nCyLR.exe -c custom.txt\n```\n\n### Collection of custom paths in addition to the default paths\n\n```text\nCyLR -d custom.txt\n```\n\n## Custom collection paths\n\nCyLR allows for the specification of custom collection paths with the use of\na configuration file provided after `-c` or `-d` at the command line. A brief\nsummary of the format is below, though full details are available within the\n`CUSTOM_PATH_TEMPLATE.txt` provided in the repository.\n\nThe custom collection path file allows for the specification of files to collect\nfrom a target system. The format is tab delimited, where the first field is a\npattern type indicator and the second field is the pattern to collect.\n\n* **NOTE**: As previously mentioned, all collection paths are case-insensitive.\n* **NOTE**: The path specifier needs to match the platform you are collecting\n  from. For Windows, it must be `\\` and `/` for macOS and Linux.\n* **NOTE**: You must use tabs to delimit the patterns. Spaces will not\n  work. This means that spaces are allowed in the second field containing\n  pattern content\n\n### Pattern Types\n\nThere are 4 pattern types, summarized below:\n\n* static\n  * This format allows for the specification of a specific file at a known path.\n  * This is the fastest pattern type, as it is performing a string comparison.\n  * Example: `static    C:\\Windows\\System32\\config\\SAM`\n* glob\n  * This format allows the specification of basic patterns. Most commonly used\n    to collect the contents of a folder, even recursively. Has a few common\n    implementations, demonstrated in the examples below.\n  * While not as fast as static paths, it allows for some common pattern\n    matching and is faster than leveraging regular expressions.\n  * Example: `glob    C:\\Users\\*\\ntuser.dat` - collects the NTUser.dat from each user.\n  * Example: `glob    C:\\**\\malware.exe` - collects files named `malware.exe`\n    regardless of what folder they are in, recursively.\n  * Example: `glob    C:\\Users\\*\\AppData\\Microsoft\\Windows\\Recent\\*.lnk` -\n    collects all files ending with `.lnk`\n  * Example: `glob    **\\*malware*` - collects all files recursively.\n  * More details at [github.com/dazinator/DotNet.Glob](https://github.com/dazinator/DotNet.Glob)\n* regex\n  * Allows the specification of advanced patterns through .NET's regular\n    expression implementation.\n  * Example: `regex    C:\\[0-9]+.exe` - collect all numeric-only executables in\n    the root of the `C:\\` drive.\n* force\n  * Same as the static option, though will attempt collection even if the file\n    is not identified in the file enumeration process.\n  * This is useful in the collection of alternate data streams and special\n    files not generally exposed to directory traversal functions.\n  * Example: `force    C:\\$Extend\\$UsnJrnl:$J`\n\n## Building\n\nCyLR binaries are available for download, prebuilt for use on macOS, Linux, and\nWindows operating systems. The following operating systems were tested against:\n\n* Windows 10, build 1909\n* macOS 10.14.16\n* Debian 10\n* Ubuntu 18.04\n* CentOS 8.1\n* RedHat 8.1\n\nTo build CyLR yourself, follow the below steps:\n\n1. Install dotnet core on your platform\n1. Clone this repository\n1. Run the following scripts in order:\n    1. Linux/macOS: `./scripts/test.sh` or Windows: `.\\scripts\\test_win.ps1`\n    1. Linux/macOS: `./scripts/build.sh` or Windows: `.\\scripts\\build_win.ps1`\n    1. Linux/macOS: `./scripts/package.sh` or Windows: `.\\scripts\\package_win.ps1`\n\nAs a note, the package script will download the warp packer to generate a\nsingle binary with the CyLR resources and full CLR runtime for portability.\nThis means that the binary will unpack in a temporary location for execution.\nAccording to the warp documentation, these locations are:\n\nPackages cache location:\n\n* Linux: `$HOME/.local/share/warp/packages`\n* macOS: `$HOME/Library/Application Support/warp/packages`\n* Windows: `%LOCALAPPDATA%\\warp\\packages`\n\nRunners cache location:\n\n* Linux: `$HOME/.local/share/warp/runners`\n* macOS: `$HOME/Library/Application Support/warp/runners`\n* Windows: `%LOCALAPPDATA%\\warp\\runners`\n\nThese caches are only created on first execution or when the packed binary is\nupdated.\n\n## AUTHORS\n\n* [Jason Yegge](https://github.com/Lansatac)\n* [Alan Orlikoski](https://github.com/rough007)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forlikoski%2FCyLR","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Forlikoski%2FCyLR","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forlikoski%2FCyLR/lists"}