cc-safe-setup 5.4.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +1 -1
  2. package/examples/git-tag-guard.sh +10 -0
  3. package/examples/max-file-count-guard.sh +8 -0
  4. package/examples/no-curl-upload.sh +6 -0
  5. package/examples/no-install-global.sh +11 -0
  6. package/examples/no-port-bind.sh +7 -0
  7. package/examples/no-sudo-guard.sh +8 -0
  8. package/examples/npm-publish-guard.sh +9 -0
  9. package/package.json +1 -1
package/README.md CHANGED
@@ -253,7 +253,7 @@ Or browse all available examples in [`examples/`](examples/):
253
253
  - [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 25 recipes from real GitHub Issues ([interactive version](https://yurukusa.github.io/claude-code-hooks/))
254
254
  - [Japanese guide (Qiita)](https://qiita.com/yurukusa/items/a9714b33f5d974e8f1e8) — この記事の日本語解説
255
255
  - [Hook Test Runner](https://github.com/yurukusa/cc-hook-test) — `npx cc-hook-test <hook.sh>` to auto-test any hook
256
- - [Hook Registry](https://github.com/yurukusa/cc-hook-registry) — `npx cc-hook-registry search database` to find community hooks
256
+ - [Hook Registry](https://github.com/yurukusa/cc-hook-registry) — `npx cc-hook-registry search database` ([browse online](https://yurukusa.github.io/cc-hook-registry/))
257
257
  - [Hooks Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) — printable A4 quick reference
258
258
  - [Ecosystem Comparison](https://yurukusa.github.io/cc-safe-setup/ecosystem.html) — all Claude Code hook projects compared
259
259
  - [The incident that inspired this tool](https://github.com/anthropics/claude-code/issues/36339) — NTFS junction rm -rf
package/examples/git-tag-guard.sh ADDED
@@ -0,0 +1,10 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE 'git\s+tag\s+(-a\s+|-d\s+)?v'; then
4
+ echo "WARNING: Creating git tag. Verify version number." >&2
5
+ fi
6
+ if echo "$COMMAND" | grep -qE 'git\s+push.*--tags'; then
7
+ echo "BLOCKED: Pushing all tags. Push specific tags instead." >&2
8
+ exit 2
9
+ fi
10
+ exit 0
package/examples/max-file-count-guard.sh ADDED
@@ -0,0 +1,8 @@
1
+ INPUT=$(cat)
2
+ FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
3
+ [ -z "$FILE" ] && exit 0
4
+ STATE="/tmp/cc-new-files-count"
5
+ echo "$FILE" >> "$STATE"
6
+ COUNT=$(wc -l < "$STATE" 2>/dev/null || echo 0)
7
+ [ "$COUNT" -ge 20 ] && echo "WARNING: $COUNT new files created this session." >&2
8
+ exit 0
package/examples/no-curl-upload.sh ADDED
@@ -0,0 +1,6 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE 'curl\s+.*(-X\s+POST|-d\s+@|--data-binary|--upload-file)'; then
4
+ echo "WARNING: curl upload/POST detected. Verify no sensitive data." >&2
5
+ fi
6
+ exit 0
package/examples/no-install-global.sh ADDED
@@ -0,0 +1,11 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE 'npm\s+install\s+-g\s|npm\s+i\s+-g\s'; then
4
+ echo "BLOCKED: Global npm install. Use npx or local install." >&2
5
+ exit 2
6
+ fi
7
+ if echo "$COMMAND" | grep -qE 'sudo\s+pip\s+install|pip\s+install\s+--system'; then
8
+ echo "BLOCKED: System-wide pip install. Use virtualenv." >&2
9
+ exit 2
10
+ fi
11
+ exit 0
package/examples/no-port-bind.sh ADDED
@@ -0,0 +1,7 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE '(--port|--listen|-p\s+\d|0\.0\.0\.0|INADDR_ANY|nc\s+-l)'; then
4
+ echo "WARNING: Command may bind to a network port." >&2
5
+ echo "Command: $COMMAND" >&2
6
+ fi
7
+ exit 0
package/examples/no-sudo-guard.sh ADDED
@@ -0,0 +1,8 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE '^\s*sudo\s'; then
4
+ echo "BLOCKED: sudo command detected." >&2
5
+ echo "Command: $COMMAND" >&2
6
+ exit 2
7
+ fi
8
+ exit 0
package/examples/npm-publish-guard.sh ADDED
@@ -0,0 +1,9 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE '^\s*npm\s+publish'; then
4
+ if [ -f "package.json" ]; then
5
+ VER=$(python3 -c "import json; print(json.load(open('package.json')).get('version','?'))" 2>/dev/null)
6
+ echo "NOTE: Publishing version $VER to npm." >&2
7
+ fi
8
+ fi
9
+ exit 0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cc-safe-setup",
3
- "version": "5.4.0",
3
+ "version": "6.0.0",
4
4
  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in + 39 examples. 23 commands including dashboard, issues, create, audit, lint, diff. 260 tests. 2,500+ daily npm downloads.",
5
5
  "main": "index.mjs",
6
6
  "bin": {