registry  /  @youdie006/swapdex  /  0.1.4

@youdie006/swapdex@0.1.4

Switch between multiple Claude Code and Codex login accounts, locally and safely.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The package has an install-time remote binary installer, so reviewed source cannot verify the executable that users will run. No confirmed credential exfiltration or install-time AI-agent config mutation appears in the packaged JS source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; later user invokes swapdex CLI
Impact
Unverified remote binary becomes the installed CLI; behavior of that binary is not auditable from this package source alone.
Mechanism
postinstall downloads and extracts a prebuilt executable
Rationale
This is not confirmed malicious from source inspection, but install-time retrieval of an unaudited executable that will manage AI CLI credentials is a real unresolved supply-chain risk. The JS source shows no concrete exfiltration, destructive behavior, or unconsented install-time mutation of Claude/Codex state.
Evidence
package.jsoninstall.jsbin/swapdex.jsREADME.mdbin/swapdex/tmp/swapdex-${target}.tar.gz
Network endpoints1
github.com/youdie006/swapdex/releases/download/v${version}/swapdex-${target}.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads platform tar.gz from GitHub release during npm install
  • install.js extracts archive into bin/ and chmods bin/swapdex executable
  • Downloaded binary is not present in package and no checksum/signature verification is implemented
Evidence against
  • No install-time reads of ~/.codex, ~/.claude, env secrets, or npm credentials in inspected JS
  • bin/swapdex.js only spawns bin/swapdex when user runs the CLI
  • Network endpoint is first-party GitHub release URL matching package repo/version
  • README discloses local credential switching behavior and plaintext local store
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.12 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings