
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
@textswift/textswift
Advanced tools
Select text on any webpage → click the icon → instant translation
| Feature | Description |
|---|---|
| Inline Translation | Select text on any webpage and translate instantly with a single click |
| Popup Panel | Standalone translation interface from the Chrome toolbar |
| Multi-Language | English, Korean, Japanese, Chinese, Spanish, and more |
| Secure | No API keys in extension; reuses local Codex CLI authentication |
| Font Controls | Adjust translation font size (A+ / A-) for readability |
| Model Benchmarking | Automated performance testing to select the fastest model |
Web Page → Content Script → Background Worker → Native Host → Codex CLI
(select) (click icon) (send request) (codex exec) (translate)
The extension uses Chrome's Native Messaging to securely communicate with the locally installed Codex CLI. No API keys are stored or transmitted by the extension.
🇺🇸 English · 🇰🇷 Korean · 🇯🇵 Japanese · 🇨🇳 Chinese · 🇪🇸 Spanish
Additional languages planned for future releases.
npm install -g @textswift/textswift
This automatically:
chrome://extensions for extension setupIf Codex is not logged in, run:
codex login
From Chrome Web Store (recommended):
Unpacked (development):
chrome://extensionsdist/ foldertextswift setup YOUR_EXTENSION_ID
| Command | Description |
|---|---|
textswift setup [id] | Register native host (id = Chrome extension ID) |
textswift status | Show installation status |
textswift uninstall | Remove native host manifest |
The icon stays visible during translation — click it again to reopen the panel.
| Script | Description |
|---|---|
npm run build | Build extension and native host artifacts |
npm run typecheck | Run TypeScript type checking |
npm run test:unit | Run unit tests |
npm run smoke:native | Test native messaging with real Codex CLI |
npm run smoke:native:mock | Test native messaging with mock responses |
npm run smoke:playwright | Run Playwright end-to-end tests |
npm run smoke:inline | Validate inline selection icon flow |
npm run smoke:sites | Verify extension on multiple real websites |
npm run checklist | Run all quality checks |
npm run checklist
Runs type checking, unit tests, smoke tests, and benchmarks before committing.
TextSwift uses a primary/fallback model chain:
| Role | Model | Trait |
|---|---|---|
| Primary | gpt-5.3-spark | Faster, cost-effective |
| Fallback | gpt-5.1-codex-mini | Reliable backup |
# Full benchmark
bash scripts/benchmark-models.sh
# Quick (1 iteration)
TEXTSWIFT_BENCHMARK_MODE=codex TEXTSWIFT_BENCHMARK_ITERATIONS=1 bash scripts/benchmark-models.sh
# Mock (no API calls)
TEXTSWIFT_BENCHMARK_MODE=mock bash scripts/benchmark-models.sh
Stale content script from a previous build. Reload the extension from chrome://extensions, then refresh the page.
Content script running without extension runtime binding. Reload both the extension and the web page.
Extension was reloaded while content scripts were active. Close and reopen the affected tabs.
codex execcodex exec translation with timeout/error handling and fallback model chainMIT
FAQs
TextSwift Chrome extension for in-page translation
We found that @textswift/textswift demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.