Open Source

    Attach Guard

    Hard-enforcement dependency install guard for AI coding agents and developers.

    AI coding agents install packages before anyone reviews them. Attach Guard intercepts package installation commands and evaluates them against policy before execution.

    terminal
    $ npm install new-pkg

    attach-guard evaluates:

    new-pkg@<version> FAIL (published 1 hour ago, minimum age is 48 hours)

    new-pkg@<version> PASS (30 days old, supply chain score 92)

    Result: ASK + rewritten command

    npm install new-pkg@<version>

    Block Without Breaking Flow

    Most security tools just say "no." Attach Guard says "no, but here's a safe alternative."

    Allow

    Package is safe

    Install proceeds normally

    Ask + rewrite

    Latest is risky, older version is safe

    Shows safe alternative, user confirms

    Deny

    All versions fail (malware, all too new, etc.)

    Blocked with clear explanation

    Why Attach Guard

    Hard Enforcement

    Not an advisory scanner. A hard enforcement boundary that sits directly in front of npm install and blocks risky packages before execution.

    Smart Version Replacement

    When a risky version is blocked, attach-guard finds the newest version that passes policy and offers it as a replacement. Your flow doesn't stop.

    Fails Closed

    When the risk provider is unavailable, attach-guard denies in CI and asks in local mode. No silent pass-throughs.

    Full Audit Trail

    Every decision is logged to a local JSONL audit trail with timestamps, scores, and reasons. Complete accountability.

    Why a Hook, Not a Skill or MCP

    Attach Guard is a Claude Code hook, not a skill or MCP server. The distinction matters:

    Hooks

    Run automatically on every matching tool call. Enforce rules deterministically — Claude cannot skip or override them.

    Skills

    Instructions Claude follows when invoked. They guide behavior but cannot block actions.

    MCP Servers

    Provide advisory context. They inform but do not enforce.

    Policy Decision Flow

    Every package goes through an ordered policy evaluation:

    1. Allowlist / denylist lookup
    2. Provider availability check
    3. Known malware detection
    4. Minimum package age (48h default)
    5. Supply chain score threshold
    6. Critical / high alert evaluation
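
The ordered flow above, combined with the Allow / Ask + rewrite / Deny outcomes and the fail-closed rule, can be modelled as follows. This is an added example, not attach-guard's own code: the type and field names, the score threshold of 70, denylist-before-allowlist precedence, and the sample versions are all assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Version is the per-release risk data a provider would return (constructed fields).
type Version struct {
	Number        string
	Age           time.Duration
	Score, Alerts int // supply chain score; count of critical/high alerts
	Malware       bool
}

// Policy field names are assumptions, not attach-guard's config schema.
type Policy struct {
	Allow, Deny map[string]bool
	MinAge      time.Duration
	MinScore    int
	CI          bool
}

// Decide walks the six steps in order; versions must be sorted newest first.
func (p Policy) Decide(pkg string, versions []Version, providerUp bool) (string, string) {
	switch {
	case p.Deny[pkg]: // step 1; denylist winning over allowlist is an assumption
		return "deny", ""
	case p.Allow[pkg]:
		return "allow", ""
	case !providerUp && p.CI: // step 2: fail closed, never a silent pass-through
		return "deny", ""
	case !providerUp:
		return "ask", ""
	}
	for i, v := range versions { // steps 3-6, applied to each candidate version
		if ok := !v.Malware && v.Age >= p.MinAge && v.Score >= p.MinScore && v.Alerts == 0; ok && i == 0 {
			return "allow", v.Number // the newest version passes: install as requested
		} else if ok {
			return "ask", v.Number // newest passing version, offered as the rewrite
		}
	}
	return "deny", "" // every version failed policy
}

func main() {
	vs := []Version{{"2.0.0", time.Hour, 95, 0, false}, {"1.9.0", 720 * time.Hour, 92, 0, false}} // constructed
	fmt.Println(Policy{MinAge: 48 * time.Hour, MinScore: 70}.Decide("new-pkg", vs, true))
}
```

Because the provider check sits ahead of every per-version check, an outage can never be mistaken for a clean result: the only paths to "allow" are an explicit allowlist entry or a version that passed all of steps 3 to 6.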

    Get Started in Minutes

    quickstart

    # Build and install

    go build -o attach-guard ./cmd/attach-guard

    sudo mv attach-guard /usr/local/bin/

    # Set your Socket.dev API token

    export SOCKET_API_TOKEN="your-token"

    # Initialize default config

    attach-guard config init

    # Add the Claude Code hook to .claude/settings.json

    {
      "hooks": {
        "PreToolUse": [
          {
            "matcher": "Bash",
            "hooks": [
              { "type": "command", "command": "attach-guard hook" }
            ]
          }
        ]
      }
    }

    What It Covers

    npm & pnpm

    Intercepts npm install, npm i, pnpm add, and their variants.

    Claude Code Hooks

    Works as a PreToolUse hook. Claude cannot skip or override the guard.

    JSONL Audit Log

    Every allow, ask, and deny decision logged with full context for compliance.

    Stop Risky Packages Before They Execute

    Open source, local-first, zero config. Get Attach Guard running in under five minutes.