Почетна Преглед Помоћ
Пријавите се
logic855
/
claude-mods
огледало од https://github.com/0xDarkMatter/claude-mods.git
1
0
Креирај огранак 0
Датотеке Дискусије 0 Вики
Грана: main
Гране Ознаке
claude-mods
/
hooks
/
manifest-dep-scan.sh

manifest-dep-scan.sh 2.6 KB
Пермалинк Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 
  1. #!/bin/bash
    2. 

  2. # hooks/manifest-dep-scan.sh
    3. 

  3. # PostToolUse hook (matcher: Write|Edit) — the companion to pre-install-scan.sh.
    4. 

  4. #
    5. 

  5. # pre-install-scan covers `npm install` at the terminal. But in Claude Code the
    6. 

  6. # dominant way a dependency enters is the agent EDITING a manifest (package.json,
    7. 

  7. # requirements.txt, …) directly — no install command, so that hook never fires.
    8. 

  8. # This hook closes that gap: when a dependency manifest is edited and the change
    9. 

  9. # looks like it added/changed a version spec, it advises scoring the package via the
    10. 

  10. # Socket depscore MCP and respecting the release-age cooldown BEFORE it gets installed.
    11. 

  11. #
    12. 

  12. # Advisory only (exit 0); never blocks an edit. Reads the tool call as JSON on stdin
    13. 

  13. # (.tool_input.file_path / .new_string / .content), with a $1 fallback.
    14. 

  14. #
    15. 

  15. # Configuration in .claude/settings.json:
    16. 

  16. #   "PostToolUse": [{ "matcher": "Write|Edit", "hooks": [
    17. 

  17. #     { "type": "command", "command": "bash \"$HOME/.claude/hooks/manifest-dep-scan.sh\"", "timeout": 5 } ]}]
    18. 

  18. 

  19. RAW=""; [[ ! -t 0 ]] && RAW="$(cat 2>/dev/null)"
    20. 

  20. FILE=""; NEW=""
    21. 

  21. if [[ -n "$RAW" ]] && command -v jq >/dev/null 2>&1; then
    22. 

  22.   FILE="$(printf '%s' "$RAW" | jq -r '.tool_input.file_path // empty' 2>/dev/null)"
    23. 

  23.   NEW="$(printf '%s' "$RAW" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)"
    24. 

  24. fi
    25. 

  25. [[ -z "$FILE" ]] && FILE="${1:-}"
    26. 

  26. [[ -z "$FILE" ]] && exit 0
    27. 

  27. 

  28. case "$(basename "$FILE")" in
    29. 

  29.   package.json|composer.json|Cargo.toml|go.mod|Gemfile|pyproject.toml) ;;
    30. 

  30.   requirements*.txt) ;;
    31. 

  31.   *) exit 0 ;;
    32. 

  32. esac
    33. 

  33. 

  34. # Only nudge when the change looks like a dependency version spec was added/changed —
    35. 

  35. # avoids firing on unrelated manifest edits (scripts, version bumps, metadata).
    36. 

  36. if [[ -n "$NEW" ]]; then
    37. 

  37.   # Find version-spec lines, then exclude the manifest's own metadata keys so a
    38. 

  38.   # `"version": "2.0.0"` bump or `name`/`description` edit doesn't false-fire.
    39. 

  39.   echo "$NEW" \
    40. 

  40.     | grep -E ':[[:space:]]*"[[:space:]~^><=v]*[0-9]|==[[:space:]]*[0-9]|=[[:space:]]*"[0-9]|[[:space:]]v?[0-9]+\.[0-9]' \
    41. 

  41.     | grep -qvE '"(version|name|description|license|homepage|repository|author|main|type)"[[:space:]]*:' \
    42. 

  42.     || exit 0
    43. 

  43. fi
    44. 

  44. 

  45. echo "SUPPLY CHAIN: dependency manifest edited ($(basename "$FILE"))."
    46. 

  46. echo "A dependency was added/changed by editing the manifest — it still has to be"
    47. 

  47. echo "installed. Before that, score it and respect the release-age cooldown:"
    48. 

  48. echo "  - depscore (no auth): score the added package(s) via the socket MCP"
    49. 

  49. echo "  - cooldown/age: bash skills/supply-chain-defense/scripts/preinstall-check.sh <pkg>"
    50. 

  50. echo "  - never pull a day-zero version into anything that builds/runs."
    51. 

  51. exit 0
    52.