255 comments found.
1 – How can i create my own models of template, can i for example create on lovable some frontend design, make the download from all folders, zip, and upload on webby ?
2 – Its possible with the webby create microsaas with login, rules e?
3 – Have some update for the client buy more credits without update plans ?
MAJOR SECURITY ISSUE QUESTION regarding AI findings:
AI DISCOVERY: Webby uses a split architecture where a Laravel backend communicates with an external, autonomous Go-based AI agent that builds and compiles `.tsx` websites directly on your VPS filesystem using Node.js and npm. Because there is no containerization or virtualization (like Docker) out of the box, the system runs on a shared local storage model (`./storage/workspaces`). This leaves your server highly vulnerable to multi-tenant cross-contamination, malicious npm supply chain code execution, resource exhaustion (DoS), and directory-traversal attacks, as any malicious code executed by the AI agent runs natively on your host operating system under the same user permissions.
IMPORTANT QUESTION: Since the Go builder runs natively on the host server and manages multiple user projects in a shared local directory (`./storage/workspaces`) without native containerization or kernel-level isolation, how does the platform prevent a malicious user from executing prompt-injection attacks, running unsafe third-party npm install hooks, or accessing/contaminating other users’ workspace directories?
- npm supply-chain / install hooks: Every npm install runs with—ignore-scripts, so malicious postinstall/lifecycle scripts never execute. This closes the most common npm attack vector.
- Directory traversal / cross-workspace access: Every file operation the AI performs is routed through a path validator that rejects ”..” and absolute paths and resolves symlinks to confirm the real path stays inside that project’s folder. Each workspace is keyed to the project’s random UUID, and Laravel enforces an ownership check before any request reaches the builder, so one user simply cannot read or write another user’s workspace.
- Prompt injection: The agent’s only tools are file operations confined to its own workspace plus a sandboxed build, it has no shell-escape, no access to your .env/.git/build config, and no cross-project reach. So even a successful injection is boxed into “edit files in the project it was already authorized for.”
- Resource abuse / DoS: Builds are capped by per-user credits (enforced server-side) and one active build per user, plus timeouts on build commands.
Webby is intentionally designed for streamlined, low-infrastructure deployment. Because the script runs natively on the host rather than spinning up individual containers for every project, it may not be the appropriate solution if your specific use case requires kernel-level, per-project containerization.
Hi, do ylu have any videos of the builder generating anyting in a live demo? or where can we test the generations
do you people provide assistance deploy to server vps??
What size does the logo need to be to be compatible with the system in the configuration?
Suggestions for adding some features:
- Add Supabase as an alternative to Firebase.
- Add a Shopify template/theme builder feature. Lovable also provides an option to build Shopify templates and themes.
- Add domain selling platform APIs such as OpenProvider, Realtime Register, Dynadot, etc. This will allow customers to buy domains and connect them instantly.
- Add integration with cPanel or DirectAdmin for website hosting and database management.
Please reply TKT-000361. even after setting up builder and configure ai providers getting. Nothing built yet issue while building landing page. Please reply I’m waiting from 2 days. Thanks
Any plan to add Supabase as default DB like Lovable ? What’s stopping you guys to vibecode a 100 % lovable.dev clone quickly ? Also, I want to learn about the latest debugging updates on the buyers complaining about having too many bugs .
1. Yes, we do have plans to add Supabase support as a plugin.
2. Regarding the question of why we do not simply “vibe code” a 100% Lovable.dev clone: Webby is not built that way. We use AI primarily to assist with automated testing and development workflows, but the core product is carefully engineered, reviewed, and maintained by our team. We are focused on building a stable, production-ready platform, not a rushed clone.
3. As for the reported bugs, most of the issues raised by buyers have already been addressed in recent updates. We recommend checking the changelogs regularly to stay updated on fixes, improvements, and new debugging enhancements.
“Image fetching is not yet implemented, but it’s planned for future updates” ..
1. good to hear (any idea when?) .. what about website text/data? can it be fetched as RAG so user doesnt have to re-copy/paste their existing site into chatbot? if not, this would be one of the first things you might want to add.
2. how do images get created in current webby app? (other than stock images) are they created by the AI (ie nano banana)? or does user have to upload?
Looks Nice …
1. Most requested feature from clients is to rebuild existing sites .. Can Webby fetch data/images from existing sites and rebuild based on existing data, images and new style description from user?
2. Is Firebase required? Or can use Mysql instead? for customer apps?
3. if user exceeds monthly AI token allowance, can user buy AI credits?
1. Image fetching is not yet implemented, but it’s planned for future updates.
2. Currently, only Firebase is supported as the database.
3. AI credit purchases are not available now, but will be added in a future release.
Hi, before purchase I have some queries.
1. I check the demo. I created a sample website but there is no option to download the source code? 2. For production I need to purchase any AI like chatgpt plan? 3. Can I use regular as saas mean I can host and any one use free and paid plan by making payment. 4. Can add the indian supported payment gateway like Razorpay. 5. Not find the custom domain option.
6. demo expired, so not able to check the options.
1. The projects are hosted on your server which forces your customers to keep renewing their plan. This follows lovable.dev model.
2. You have a wide range of options, you can use Claude, Grok, Deepseek, OpenAI or even Ollama.
3. Yes.
4. Razorpay is a paid plugin.
5. Custom domains are configurable per project settings.
1. As a subscribed user, can they create a website/ project and can download the source code and can host their own hosting provider. Or they can only use our platform for hosting?
2. I am new in AI platform. How these ai option work like claude, grok… Before go live l need to purchase the any one plan? Is there any inbuilt for free plan. Because till any real client I need to pay these ai platform.
4. Which payment method as of now script is supporting?
- suppose user don’t want custom domain, he is ok with our subdomain then your application will handle this auto like user can select the prefix or random subdomain?
- which VPS hosting required
1. Currently, users can only host their projects on your server, similar to the Lovable.dev model.
2. The script does not include free AI; you will need to purchase credits from AI providers. If you want to offer a free AI option, we recommend an Ollama subscription, as it offers decent limits.
3. The script includes Bank Transfer and PayPal as default payment methods. Additional payment plugins can be purchased separately.
Users can utilize a subdomain of your main domain.
We strongly recommend reviewing the documentation.
What would the website installation process be like?
Please read the documentation.
What size does the logo need to be to be compatible with the system in the configuration?
What size does the logo need to be to be compatible with the system in the configuration?
This has been fixed.
Any refer and eran system to users get comission? Can be install in shared hosting?
We do not recommend shared hosting. This is an agentic platform and requires SSH access.
But if my shared hosting plan has access SSH can be?
That will likely still not work. SSH access on shared hosting is very restricted, and the agent binary might not even run.
Yes, there is a commission system.
this looks good. When the next update will be?
The demo is already using the latest version and it will be released soon.
Can be installed in shared hosting or only vps?
Using a shared hosting for an agentic platform is a bad idea, you should use a VPS if you want serious business.
Are saas features offered in regular license?
Yes.
There are 2 things to be clarified before I purchase.
I tried to login to your ticket system using my codecanyon account, your app is asking for all kinds of permission like view my purchase history, download my purchased items, view my private collections, so on…. WHY? As far as I understand, you only need my public information to create a profile on your dashboard.
2. Is the code fully open source? Any files protected with ionCube or other encryption? Are core SaaS modules editable? Are there any license checks that require your server?”
These permissions are used to track your purchases of our products.
Everything is open source.
Hello, I submitted a ticket to seek support as the system is not building. I tried DeepSeek, OpenAI and OpenRouter but none of them works. Please advise how to proceed. Thanks Marouf
Hello,
I would like to share some constructive feedback regarding your customer support and communication process.
One of the main reasons customers become frustrated is the lack of timely responses to tickets, comments, and emails. Customer service is just as important as the quality of the product itself. A great product alone is not enough if the overall customer experience and customer journey are poor.
Instead of waiting until customers leave negative reviews before responding or justifying the situation, I strongly encourage you to improve your support system proactively. Consider hiring or assigning dedicated staff to handle customer communication and support more efficiently.
Improving responsiveness, communication, and overall customer care will not only increase customer satisfaction, but will also help you generate better ratings, stronger trust, and ultimately more sales.
I hope you will take this feedback positively and use it to strengthen your business.
Regards, Marouf
We understand your concern. Please note that our team’s response time can be up to 5 business days, as clearly indicated on the product’s support page.
Hello, i like this service and i will like to purchase, Could you please suply me with a premium demo account i can use to create a website on your platform so i can test by creating a website and experience the full process
Hi, register an account in the demo to test it.
Hello, are there any plans to add AI image generation using GPT Image 1 or GPT Image Mini, with automatic saving of generated images to the media library?
Yes.
ok i try it:)
This item was featured on CodeCanyon
Elite Author
Contact the Envato Market Help Team
