AI Security Review
scanned 2h ago · by lpm-firewall-aiOn global npm install, the postinstall hook replaces existing `codex` launchers under the npm prefix without verifying ownership. No network or credential-exfiltration behavior is present in the inspected JavaScript source.
Decision evidence
public snapshot- `scripts/postinstall.mjs` runs automatically on install.
- Global installs delete `${prefix}/bin/codex` recursively, then replace it with a symlink.
- Windows global installs overwrite `${prefix}/codex.cmd` and `${prefix}/codex.ps1`.
- `bin/codex.js` spawns a platform binary supplied by an optional dependency.
- Installer exits for non-global installs.
- Lifecycle code only creates the package's `codex` launcher; no agent-config paths are referenced.
- No network, credential harvesting, eval, dynamic code loading, or exfiltration appears in package source.
- Launcher forwards user CLI arguments and inherited stdio to the selected local binary.
Source & flagged code
4 flagged · loading sourceTarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/codex.jsView on unpkg