hardstop-patterns 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +2 -0
  2. package/install.md +87 -0
  3. package/package.json +19 -3
package/README.md CHANGED
@@ -1,5 +1,7 @@
1
1
  # hardstop-patterns
2
2
 
3
+ 428 regex patterns for detecting dangerous shell commands and credential file reads. Install: `npm install hardstop-patterns`.
4
+
3
5
  Security patterns for detecting dangerous commands and credential file access. Single source of truth for [HardStop](https://github.com/frmoretto/hardstop) and compatible tools.
4
6
 
5
7
  ## What This Is
package/install.md ADDED
@@ -0,0 +1,87 @@
1
+ # hardstop-patterns
2
+
3
+ > 428 regex patterns for detecting dangerous shell commands and credential file access. Use as a standalone library or as part of the HardStop plugin.
4
+
5
+ ## OBJECTIVE
6
+
7
+ Install hardstop-patterns as an npm dependency and verify pattern matching works for both dangerous command detection and safe command recognition.
8
+
9
+ ## DONE WHEN
10
+
11
+ - `checkBashDangerous('rm -rf /')` returns `{ matched: true }` with pattern details
12
+ - `checkBashSafe('git status')` returns `{ matched: true }`
13
+ - Import/require works without errors
14
+
15
+ ## TODO
16
+
17
+ - [ ] Install via npm
18
+ - [ ] Import the library
19
+ - [ ] Verify dangerous command detection
20
+ - [ ] Verify safe command passthrough
21
+
22
+ ## Installation
23
+
24
+ ```bash
25
+ npm install hardstop-patterns
26
+ ```
27
+
28
+ ## Verification
29
+
30
+ ```js
31
+ const {
32
+ checkBashDangerous,
33
+ checkBashSafe,
34
+ checkReadDangerous,
35
+ checkReadSafe
36
+ } = require('hardstop-patterns');
37
+
38
+ // Should detect as dangerous
39
+ const dangerous = checkBashDangerous('rm -rf /');
40
+ console.assert(dangerous.matched === true, 'FAIL: rm -rf / not detected');
41
+ console.log('Dangerous:', dangerous);
42
+
43
+ // Should recognize as safe
44
+ const safe = checkBashSafe('git status');
45
+ console.assert(safe.matched === true, 'FAIL: git status not recognized');
46
+ console.log('Safe:', safe);
47
+
48
+ // Should detect credential file as dangerous
49
+ const cred = checkReadDangerous('/home/user/.ssh/id_rsa');
50
+ console.assert(cred.matched === true, 'FAIL: SSH key not detected');
51
+ console.log('Credential:', cred);
52
+
53
+ // Should recognize source code as safe to read
54
+ const src = checkReadSafe('src/index.js');
55
+ console.assert(src.matched === true, 'FAIL: source file not recognized');
56
+ console.log('Source:', src);
57
+
58
+ console.log('hardstop-patterns verified');
59
+ ```
60
+
61
+ ## API
62
+
63
+ Main functions:
64
+ - `checkBashDangerous(command)` — returns `{ matched, pattern }` if command matches a dangerous pattern
65
+ - `checkBashSafe(command)` — returns `{ matched, pattern }` if command matches a known-safe pattern
66
+ - `checkReadDangerous(filePath)` — returns `{ matched, pattern }` if filepath is a sensitive credential file
67
+ - `checkReadSensitive(filePath)` — returns `{ matched, pattern }` if filepath is suspicious (warrants warning)
68
+ - `checkReadSafe(filePath)` — returns `{ matched, pattern }` if filepath is known-safe to read
69
+
70
+ All functions return `{ matched: false }` if no pattern matches. All accept an optional `{ platform }` option (`'auto'` | `'linux'` | `'macos'` | `'windows'` | `null`).
71
+
72
+ ## Evaluation Order
73
+
74
+ Consumers MUST check dangerous patterns before safe patterns:
75
+
76
+ ```
77
+ 1. checkBashDangerous(command) → if matched, BLOCK
78
+ 2. checkBashSafe(command) → if matched, ALLOW
79
+ 3. (unknown) → escalate to human or LLM review
80
+ ```
81
+
82
+ ## More information
83
+
84
+ - Repository: https://github.com/frmoretto/hardstop-patterns
85
+ - Full documentation: https://github.com/frmoretto/hardstop-patterns#readme
86
+ - Schema specification: https://github.com/frmoretto/hardstop-patterns/blob/main/SCHEMA.md
87
+ - Parent project: https://github.com/frmoretto/hardstop
package/package.json CHANGED
@@ -1,13 +1,14 @@
1
1
  {
2
2
  "name": "hardstop-patterns",
3
- "version": "1.0.0",
3
+ "version": "1.0.1",
4
4
  "description": "Security patterns for detecting dangerous commands and credential file access. Used by HardStop and compatible tools.",
5
5
  "main": "index.js",
6
6
  "types": "index.d.ts",
7
7
  "files": [
8
8
  "index.js",
9
9
  "index.d.ts",
10
- "patterns/*.json"
10
+ "patterns/*.json",
11
+ "install.md"
11
12
  ],
12
13
  "keywords": [
13
14
  "security",
@@ -18,7 +19,22 @@
18
19
  "command-detection",
19
20
  "credential-protection",
20
21
  "devtools",
21
- "hooks"
22
+ "hooks",
23
+ "command-validation",
24
+ "shell-safety",
25
+ "ai-agent-security",
26
+ "bash-guardrail",
27
+ "pre-execution-check",
28
+ "prompt-injection-defense",
29
+ "agentic-safety",
30
+ "claude-code-hooks",
31
+ "llm-command-filter",
32
+ "dangerous-command-detection",
33
+ "supply-chain-security",
34
+ "fail-closed",
35
+ "command-allowlist",
36
+ "command-blocklist",
37
+ "claude-cowork"
22
38
  ],
23
39
  "author": "ClarityDome <info@clarity-gate.org>",
24
40
  "license": "MIT",