cc-safe-setup 29.6.8 → 29.6.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/examples/no-force-flag.sh +41 -0
- package/package.json +2 -2
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# ================================================================
|
|
3
|
+
# no-force-flag.sh — Block dangerous --force flags
|
|
4
|
+
# ================================================================
|
|
5
|
+
# PURPOSE:
|
|
6
|
+
# --force flags bypass safety checks in package managers and git.
|
|
7
|
+
# This hook blocks common dangerous --force patterns:
|
|
8
|
+
# - npm install --force (ignores peer dependency conflicts)
|
|
9
|
+
# - pip install --force-reinstall (skips cache, wastes time)
|
|
10
|
+
# - git push --force (overwrites remote history)
|
|
11
|
+
# - docker system prune --force (removes all unused data)
|
|
12
|
+
#
|
|
13
|
+
# TRIGGER: PreToolUse
|
|
14
|
+
# MATCHER: "Bash"
|
|
15
|
+
# ================================================================
|
|
16
|
+
|
|
17
|
+
INPUT=$(cat)
|
|
18
|
+
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
19
|
+
[ -z "$COMMAND" ] && exit 0
|
|
20
|
+
|
|
21
|
+
# npm install --force / --legacy-peer-deps
|
|
22
|
+
if echo "$COMMAND" | grep -qE 'npm\s+install.*--force|npm\s+i\s.*--force'; then
|
|
23
|
+
echo "BLOCKED: npm install --force bypasses peer dependency checks." >&2
|
|
24
|
+
echo "Fix the dependency conflict instead of forcing." >&2
|
|
25
|
+
exit 2
|
|
26
|
+
fi
|
|
27
|
+
|
|
28
|
+
# git push --force (not --force-with-lease)
|
|
29
|
+
if echo "$COMMAND" | grep -qE 'git\s+push.*--force($|\s)' && ! echo "$COMMAND" | grep -q 'force-with-lease'; then
|
|
30
|
+
echo "BLOCKED: git push --force can destroy remote history." >&2
|
|
31
|
+
echo "Use --force-with-lease for safer force-push." >&2
|
|
32
|
+
exit 2
|
|
33
|
+
fi
|
|
34
|
+
|
|
35
|
+
# docker system prune --force
|
|
36
|
+
if echo "$COMMAND" | grep -qE 'docker\s+(system\s+)?prune.*-f|docker\s+(system\s+)?prune.*--force'; then
|
|
37
|
+
echo "BLOCKED: docker prune --force removes all unused data without confirmation." >&2
|
|
38
|
+
exit 2
|
|
39
|
+
fi
|
|
40
|
+
|
|
41
|
+
exit 0
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "29.6.
|
|
4
|
-
"description": "One command to make Claude Code safe.
|
|
3
|
+
"version": "29.6.9",
|
|
4
|
+
"description": "One command to make Claude Code safe. 419 example hooks + 8 built-in. 52 CLI commands. 5655 tests. Works with Auto Mode.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|
|
7
7
|
"cc-safe-setup": "index.mjs"
|