registry  /  @youdie006/swapdex  /  0.20.0

@youdie006/swapdex@0.20.0

Switch between multiple Claude Code, Codex, Gemini, and Antigravity login accounts, locally and safely.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The npm wrapper installs a native binary fetched at install time from the package author's GitHub release. The reviewed JS source does not itself exfiltrate data or mutate credentials, but the unauthenticated downloaded binary is outside the package source inspected here.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, then user invokes swapdex CLI
Impact
Potential unreviewed native payload execution with access to local AI CLI credential files if the release artifact is malicious or compromised
Mechanism
install-time download and runtime execution of native binary
Rationale
Source inspection found no concrete malicious JS behavior, but install-time download of an unchecked native binary that later manages credential files leaves a real unresolved payload risk. This supports a warning rather than a publish block because the endpoint and behavior are package-aligned and disclosed.
Evidence
package.jsoninstall.jsbin/swapdex.jsREADME.mdbin/swapdexos.tmpdir()/swapdex-${target}.tar.gz
Network endpoints1
github.com/youdie006/swapdex/releases/download/v${version}/swapdex-${target}.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads a platform tar.gz from GitHub releases during install
  • install.js extracts the archive with tar and chmods bin/swapdex executable
  • No checksum/signature verification for downloaded native binary
  • bin/swapdex.js executes the downloaded bin/swapdex with forwarded argv/stdio
Evidence against
  • Network endpoint is package-aligned: github.com/youdie006/swapdex releases
  • No credential harvesting or exfiltration code in JS package source
  • No eval/vm/Function or obfuscated dynamic code in inspected files
  • README discloses credential-file switching behavior and plaintext local store
  • Only package files present are package.json, install.js, README.md, and bin/swapdex.js
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.12 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings