npm - goodvibesonly-cc - Versions diffs - 0.3.0 → 0.3.2 - Mend

goodvibesonly-cc 0.3.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/.claude-plugin/plugin.json +25 -0
package/README.md +43 -27
package/package.json +3 -2

package/.claude-plugin/plugin.json ADDED Viewed

@@ -0,0 +1,25 @@
+{
+  "name": "goodvibesonly",
+  "version": "0.3.0",
+  "description": "Security scanner for vibe-coded projects. Automatically scans for hardcoded secrets, SQL injection, XSS, and other vulnerabilities before commits.",
+  "author": {
+    "name": "jddoesdev",
+    "url": "https://github.com/jddoesdev"
+  },
+  "homepage": "https://github.com/jddoesdev/goodvibesonly",
+  "repository": "https://github.com/jddoesdev/goodvibesonly",
+  "license": "MIT",
+  "keywords": [
+    "security",
+    "scanner",
+    "vibe-coding",
+    "secrets",
+    "vulnerabilities",
+    "sql-injection",
+    "xss",
+    "claude-code"
+  ],
+  "commands": "./commands",
+  "skills": "./skills",
+  "hooks": "./hooks/hooks.json"
+}

package/README.md CHANGED Viewed

@@ -1,33 +1,35 @@
 ```
 ╔═════════════════════════════════════════════════════════════════╗
 ║                                                                 ║
-║            ░██████╗░██╗░░░██╗░█████╗░                           ║
-║            ██╔════╝░██║░░░██║██╔══██╗                           ║
-║            ██║░░██╗░╚██╗░██╔╝██║░░██║                           ║
-║            ██║░░╚██╗░╚████╔╝░██║░░██║                           ║
-║            ╚██████╔╝░░╚██╔╝░░╚█████╔╝                           ║
-║            ░╚═════╝░░░░╚═╝░░░░╚════╝░                           ║
+║                  ░██████╗░██╗░░░██╗░█████╗░                     ║
+║                  ██╔════╝░██║░░░██║██╔══██╗                     ║
+║                  ██║░░██╗░╚██╗░██╔╝██║░░██║                     ║
+║                  ██║░░╚██╗░╚████╔╝░██║░░██║                     ║
+║                  ╚██████╔╝░░╚██╔╝░░╚█████╔╝                     ║
+║                  ░╚═════╝░░░░╚═╝░░░░╚════╝░                     ║
 ║                                                                 ║
-║           🛡️  security scanner for vibe coders  🛡️                ║
+║           🛡️  security scanner for vibe coders  🛡️             ║
 ║                                                                 ║
 ╚═════════════════════════════════════════════════════════════════╝
 ```
 # GoodVibesOnly
-**Security scanner for vibe-coded projects.** A Claude Code extension that automatically scans for vulnerabilities before you commit.
+**Security scanner for vibe-coded projects.** A Claude Code extension that automatically scans for vulnerabilities when Claude Code commits on your behalf.
 ## How It Works
-GoodVibesOnly uses Claude Code's hooks system to intercept git commands:
+GoodVibesOnly uses Claude Code's [hooks system](https://docs.anthropic.com/en/docs/claude-code/hooks) to intercept git commands **within Claude Code sessions**. It does not hook into git directly — it only triggers when Claude Code itself runs a Bash command.
-1. **Hooks into git commit/push** - Automatically runs before any `git commit` or `git push`
-2. **Scans changed files** - Checks for hardcoded secrets, injection vulnerabilities, XSS, and more
-3. **Blocks on critical issues** - Prevents commits with critical vulnerabilities (exit code 2)
+1. **Intercepts Claude Code's Bash calls** - A `PreToolUse` hook runs the scanner whenever Claude Code is about to execute a Bash command
+2. **Checks for git commit/push** - If the command is a `git commit` or `git push`, it scans staged files for hardcoded secrets, injection vulnerabilities, XSS, and more
+3. **Blocks on critical issues** - Prevents Claude Code from executing the commit by exiting with code 2
 4. **Allows warnings through** - High/medium issues are reported but don't block
+> **Note:** This only works when committing through Claude Code. Running `git commit` directly in your terminal will not trigger the scan. For terminal-level git hooks, consider a traditional pre-commit hook tool.
 ```
-You: git commit -m "add user api"
+You (in Claude Code): commit my changes
 🛡️  GoodVibesOnly Security Scan
@@ -42,27 +44,39 @@ You: git commit -m "add user api"
      db.query("SELECT * FROM users WHERE id = " + id)
 Found 2 critical, 0 high, 0 medium issues.
-Commit blocked. Fix critical issues or use --no-verify to bypass.
+Commit blocked — fix critical issues before committing.
 ```
 ## Installation
-### Option 1: npx (recommended)
+### Option 1: skills.sh (recommended)
+```bash
+npx skills add jddoesdev/goodvibesonly
+```
+Or install globally:
+```bash
+npx skills add jddoesdev/goodvibesonly --global
+```
+### Option 2: npx
 ```bash
 npx goodvibesonly-cc
 ```
-### Option 2: npm global install
+### Option 3: npm global install
 ```bash
 npm install -g goodvibesonly-cc
 ```
-### Option 3: Manual
+### Option 4: Manual
 ```bash
-git clone https://github.com/YOURNAME/goodvibesonly.git
+git clone https://github.com/jddoesdev/goodvibesonly.git
 cd goodvibesonly
 node bin/install.js --global
 ```
@@ -80,11 +94,11 @@ node bin/install.js --uninstall   # Remove GoodVibesOnly
 ### Automatic (via hooks)
-Just use git normally. GoodVibesOnly runs automatically:
+When working inside Claude Code, GoodVibesOnly runs automatically whenever Claude executes a git commit or push:
-```bash
-git commit -m "message"    # Scans before commit
-git push                   # Scans before push
+```
+You: commit my changes        # Scans before Claude runs git commit
+You: push to origin            # Scans before Claude runs git push
 ```
 ### Manual Scan
@@ -148,21 +162,23 @@ goodvibesonly/
 ## How It's Different
-- **Actually enforces** - Uses Claude Code hooks to block commits, not just advisory
+- **Actually enforces** - Uses Claude Code's PreToolUse hooks to block commits, not just advisory
 - **Real scanning** - Node.js script with regex patterns, not just instructions for Claude
-- **Zero config** - Installs hooks automatically
+- **Zero config** - Installs hooks automatically into Claude Code's settings
 - **Uninstall support** - Clean removal with `--uninstall`
 ## Technical Details
-GoodVibesOnly installs a `PreToolUse` hook that intercepts Bash commands. When it detects `git commit` or `git push`:
+GoodVibesOnly installs a `PreToolUse` hook in Claude Code's settings. This hook runs before every Bash tool call that Claude Code makes. When the scanner detects the command is a `git commit` or `git push`:
 1. Reads staged files via `git diff --cached --name-only`
 2. Scans each file against vulnerability patterns
 3. Outputs findings to stderr
-4. Exits with code 2 to block (critical issues) or 0 to allow
+4. Exits with code 2 to block Claude Code from running the command (critical issues) or 0 to allow it
+For non-git commands, the scanner exits immediately with code 0 (allow).
-The hook is configured in `~/.claude/settings.json`:
+The hook is configured in Claude Code's `settings.json`:
 ```json
 {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "goodvibesonly-cc",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "Security scanner for vibe-coded projects - Claude Code extension",
   "type": "module",
   "bin": {
@@ -21,7 +21,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/jddoesdev/vibecheck.git"
+    "url": "https://github.com/jddoesdev/goodvibesonly.git"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -31,6 +31,7 @@
     "commands/",
     "skills/",
     "hooks/",
+    ".claude-plugin/",
     "README.md",
     "LICENSE"
   ]