OurBigBook is designed to not allow arbitrary code execution by default on any OurBigBook CLI command.
This means that it it should be safe to just download any untrusted OurBigBook repository, and convert it with OurBigBook CLI, even if you don't trust its author.
In order to allow code execution for pre/post processing tasks e.g. from
prepublish, use the
Note however that you have to be careful in general, since e.g. a malicious author could create a package with their own malicious version of the
ourbigbookexecutable, that you could unknowingly run with with the standard