DEV Community

Hammad

I built a Claude Code plugin that blocks compromised packages before installation

Last week, axios@1.14.1 was hijacked on npm. A few days before that, litellm@1.82.8 on PyPI. Both were compromised versions published through hijacked maintainer accounts.

Claude Code would have installed both of them without asking any questions.

AI coding agents run npm install and pip install on your behalf, and there's nothing checking whether the package is safe before it executes. By the time you notice, the compromised code has already run.

So I built attach-guard — an open source Claude Code plugin that intercepts every package install command and evaluates it against supply chain risk data before execution.

How it works

attach-guard uses Claude Code's PreToolUse hooks. This is important: it is not a skill (which Claude can choose to ignore) or an MCP server (which is advisory). Hooks run automatically on every matching tool call, and Claude cannot skip or override them.

When Claude runs npm install axios, attach-guard:

  1. Intercepts the command before it executes
  2. Scores the package via Socket.dev's supply chain API
  3. Blocks it if it fails policy (malware, low score, too new)
  4. If the latest version is compromised, suggests the newest safe version instead of just saying "no"

Real example:

  • npm install axios → latest (1.14.1) scores 40/100 → blocked → rewrites to axios@1.14.0 (71/100)
  • pip install litellm==1.82.8 → compromised → denied

What it catches

  • Known malware and compromised packages
  • Packages published less than 48 hours ago
  • Low supply chain scores (below 50 = denied, 50-70 = flagged)
  • Supports npm, pip, Go, and Cargo
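
The decision logic described under "How it works" and "What it catches", as an added sketch that is not attach-guard's own code: it parses an install command and applies the post's thresholds to constructed release data instead of calling Socket.dev. The function names, the record layout, failing closed on unknown packages, and suggesting only releases that fully pass are assumptions.

```python
import shlex

# Constructed sample data, newest release first: (version, score, age_hours, malware).
# The axios scores are the post's; ages, flags and the litellm score are made up.
SAMPLE = {
    ("npm", "axios"): [("1.14.1", 40, 200, False), ("1.14.0", 71, 900, False)],
    ("pip", "litellm"): [("1.82.8", 35, 300, True)],
}
INSTALLS = {("npm", "install"), ("npm", "i"), ("pip", "install")}

def parse_install(command):
    """Return (ecosystem, [(name, version or None)]), or None if not an install."""
    argv = shlex.split(command)
    if len(argv) < 3 or (argv[0], argv[1]) not in INSTALLS:
        return None
    specs = []
    for arg in argv[2:]:
        if arg.startswith("-"):      # skip flags; flag values are not handled here
            continue
        if argv[0] == "npm":         # name@version, where name may be @scope/name
            name, _, ver = arg.rpartition("@")
            if not name: name, ver = arg, ""
        else:                        # pip: only name==version pins are parsed
            name, _, ver = arg.partition("==")
        specs.append((name, ver or None))
    return argv[0], specs

def verdict(rel):
    """Apply the post's thresholds to one release record."""
    _, score, age_hours, malware = rel
    if malware or age_hours < 48 or score < 50:
        return "deny"
    return "flag" if score <= 70 else "allow"

def evaluate(command, data=SAMPLE):
    """Return [(name, version, verdict, suggested_version)] for each package."""
    parsed = parse_install(command)
    results = []
    for name, ver in (parsed[1] if parsed else []):
        releases = data.get((parsed[0], name), [])
        rel = next((r for r in releases if ver in (None, r[0])), None)
        if rel is None:              # unknown package or version: fail closed (assumption)
            results.append((name, ver, "deny", None))
            continue
        v, alt = verdict(rel), None
        if v == "deny" and ver is None:   # unpinned: offer newest passing release
            alt = next((r[0] for r in releases if verdict(r) == "allow"), None)
        results.append((name, rel[0], v, alt))
    return results
```
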

Install

Two commands:

claude plugin marketplace add attach-dev/attach-guard
claude plugin install attach-guard@attach-dev

It prompts for a Socket.dev API token during setup (free tier available).

Links
