The Problem
If you use Claude Code (Anthropic's CLI coding agent), you've probably seen it do things like:
npm install lodash@4.17.21
...when the latest version is actually different, or worse — install a version that doesn't even exist on the registry. Claude hallucinates package versions just like it hallucinates everything else.
This is a supply-chain risk. You end up with outdated deps, missing security patches, or broken installs.
The Solution: Version Sentinel
I built Version Sentinel — a Claude Code plugin that uses the hook system to hard-block any dependency change until you've verified the version is real and current.
How it works
- PreToolUse hooks intercept edits to manifest files (package.json, requirements.txt, pyproject.toml, Cargo.toml, *.csproj) and install commands (npm install, pip install, cargo add, dotnet add)
- If no fresh version check exists → action is blocked (exit code 2)
- You run WebSearch to verify the latest version, then /vs-record to log it
- Claude retries and the action goes through
- PostToolUse hooks auto-record successful installs so verified packages stay unblocked
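The gate described in the list above, sketched as an added example (this is not Version Sentinel's own code). It reads the `tool_name` and `tool_input.command` fields that Claude Code passes to a PreToolUse hook; the record-store format, the 24-hour freshness window and the sample record are assumptions made for illustration.

```python
import json, re, shlex, sys, time

MAX_AGE = 24 * 3600  # assumed freshness window; the page does not state one
INSTALLERS = {("npm", "install"): "npm", ("pip", "install"): "pip",
              ("cargo", "add"): "cargo"}
# Constructed sample record store (hypothetical format): "ecosystem:name" -> record
SAMPLE_RECORDS = {"npm:left-pad": {"version": "9.9.9", "checked_at": 1_000_000}}

def requested_packages(command):
    """Yield (ecosystem, name, version_or_None) for each package being installed."""
    for part in re.split(r"&&|\|\||;", command):  # simplistic split of chained commands
        try:
            argv = shlex.split(part)
        except ValueError:
            argv = part.split()  # unbalanced quotes: still inspect the raw tokens
        eco = INSTALLERS.get(tuple(argv[:2]))
        for arg in argv[2:] if eco else []:
            if arg.startswith("-"):
                continue  # flags such as --save-dev
            if eco == "pip":
                name, _, ver = arg.partition("==")
            else:
                # rpartition keeps the leading "@" of scoped npm names (@scope/pkg@1.2.3)
                head, sep, tail = arg.rpartition("@")
                name, ver = (head, tail) if sep and head else (arg, "")
            yield eco, name, ver or None

def decide(event, records, now=None):
    """Return (exit_code, stderr_message); exit code 2 blocks the tool call."""
    now = time.time() if now is None else now
    if event.get("tool_name") != "Bash":
        return 0, ""
    command = event.get("tool_input", {}).get("command", "")
    for eco, name, ver in requested_packages(command):
        rec = records.get(f"{eco}:{name}")
        if rec is None or now - rec["checked_at"] > MAX_AGE:
            return 2, f"blocked: no fresh version check for {eco}:{name}"
        if ver is not None and ver != rec["version"]:
            return 2, f"blocked: {name}@{ver} is not the verified {rec['version']}"
    return 0, ""

if __name__ == "__main__":
    # Claude Code passes the pending tool call as JSON on stdin.
    code, msg = decide(json.load(sys.stdin), SAMPLE_RECORDS, now=1_000_060)
    if msg:
        print(msg, file=sys.stderr)  # stderr is what the agent sees on a block
    sys.exit(code)
```

Anything the parser cannot match to a record (an unknown package, a stale check, a pip specifier other than `==`) is blocked rather than allowed, so the gate fails closed.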
Supported ecosystems
| Ecosystem | Manifest | Registry |
|---|---|---|
| npm | package.json | registry.npmjs.org |
| pip | requirements*.txt, pyproject.toml | pypi.org |
| Cargo | Cargo.toml | crates.io |
| .NET | *.csproj | api.nuget.org |
Bonus: /check-versions
Audits ALL dependencies in your project against upstream registries. Reports drift without blocking — shows you which deps are outdated and which are intentionally pinned.
Install
claude plugin add KSEGIT/Version-Sentinel
Links
- GitHub: KSEGIT/Version-Sentinel
- License: MIT
- Prerequisites: bash, jq, curl, python3
This is my first Claude Code plugin. Would love feedback — especially if you've run into the same version hallucination problem. What other guardrails would be useful?