DEV Community: Hammad The latest articles on DEV Community by Hammad (@hammadtariq). https://dev.to/hammadtariq https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3860205%2Fda8b6298-3df4-4aed-9f66-cea11ce309eb.jpg DEV Community: Hammad https://dev.to/hammadtariq en I built a Claude Code plugin that blocks compromised packages before installation Hammad Sat, 04 Apr 2026 00:08:45 +0000 https://dev.to/hammadtariq/i-built-a-claude-code-plugin-that-blocks-compromised-packages-before-installation-1o3l https://dev.to/hammadtariq/i-built-a-claude-code-plugin-that-blocks-compromised-packages-before-installation-1o3l <p>Last week, <code>axios@1.14.1</code> was hijacked on npm. A few days before that, <code>litellm@1.82.8</code> on PyPI. Both were compromised versions published through hijacked maintainer accounts.</p> <p>Claude Code would have installed both of them as it doesn't ask any questions.</p> <p>AI coding agents run <code>npm install</code> and <code>pip install</code> on your behalf, and there's nothing checking whether the package is safe before it executes. By the time you notice, the compromised code has already run.</p> <p>So I built <code>attach-guard</code> — an open source Claude Code plugin that intercepts every package install command and evaluates it against supply chain risk data before execution.</p> <p><strong>How it works</strong></p> <p><code>attach-guard</code> uses Claude Code's PreToolUse hooks. This is important, it's not a skill (which Claude can choose to ignore) or an MCP server (which is advisory). Hooks run automatically on every matching tool call. Claude cannot skip or override them.</p> <p>When Claude runs <code>npm install axios</code>, attach-guard:</p> <ol> <li>Intercepts the command before it executes</li> <li>Scores the package via Socket.dev's supply chain API</li> <li>Blocks it if it fails policy (malware, low score, too new)</li> <li>If the latest version is compromised, suggests the newest safe version instead of just saying "no"</li> </ol> <p><strong>Real example:</strong></p> <ul> <li> <code>npm install axios</code> → latest (1.14.1) scores 40/100 → blocked → rewrites to <code>axios@1.14.0</code> (71/100)</li> <li> <code>pip install litellm==1.82.8</code> → compromised → denied</li> </ul> <p><strong>What it catches</strong></p> <ul> <li>Known malware and compromised packages</li> <li>Packages published less than 48 hours ago</li> <li>Low supply chain scores (below 50 = denied, 50-70 = flagged)</li> <li>Supports npm, pip, Go, and Cargo</li> </ul> <p><strong>Install</strong></p> <p>Two commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>claude plugin marketplace add attach-dev/attach-guard claude plugin <span class="nb">install </span>attach-guard@attach-dev </code></pre> </div> <p>It prompts for a Socket.dev API token during setup (free tier available).</p> <p><strong>Links</strong></p> <ul> <li>GitHub: <a href="https://github.com/attach-dev/attach-guard" rel="noopener noreferrer">https://github.com/attach-dev/attach-guard</a> </li> <li>MIT licensed, no data collection</li> </ul> security opensource claudecode supplychain