Security scanner for vibe coders. Automatically checks npm, pip, and brew packages for vulnerabilities and supply chain risks before Claude Code installs them.
PatchPilot is a Claude Code pre-execution hook that intercepts install commands and runs two checks in parallel:
You: "install lodash for me"
↓
Claude: "npm install lodash@4.17.0"
↓
PatchPilot: ┌─ OSV database (known CVEs)
└─ Registry metadata (supply chain signals)
↓
BLOCKED: 4 vulnerabilities found (1 critical, 3 high)
After the Axios supply chain attack (March 2026), where a hijacked maintainer account injected a brand-new malicious dependency, PatchPilot now detects:
| Check | What it catches | Threshold |
|---|---|---|
| Version Quarantine | Recently published versions — suggests previous stable release | < 72 hours old |
| New Package Detection | Brand-new packages with no history | < 7 days old |
| Low Downloads | Packages with no community adoption (npm only) | < 100/week |
| Typosquat Detection | Names 1–2 edits away from popular packages (lodahs → lodash) |
offline, curated list |
All three would have caught plain-crypto-js, the malicious package used in the Axios attack.
Supply chain checks return ask (not deny) — you decide whether to proceed. CVE-based blocks remain automatic.
npm install -g patchpilotAdd to your Claude Code settings (~/.claude/settings.json):
{
"hooks": {
"PreToolUse": [{
"matcher": "Bash",
"hooks": [{
"type": "command",
"command": "patchpilot",
"timeout": 10
}]
}]
}
}Or use npx (no global install):
{
"hooks": {
"PreToolUse": [{
"matcher": "Bash",
"hooks": [{
"type": "command",
"command": "npx patchpilot",
"timeout": 15
}]
}]
}
}| Ecosystem | Commands |
|---|---|
| npm | npm install, npm i, npm add, pnpm install, pnpm add, yarn add, bun add, bun install |
| Python | pip install, pip3 install, pipx install, poetry add, uv pip install, python -m pip install |
| Homebrew | brew install, brew reinstall, brew upgrade (note: no vulnerability data available) |
Also detects packages run via:
npx <package>bunx <package>npm exec <package>
Detects packages even when hidden behind:
# Command wrappers
sudo npm install evil-pkg
env npm install evil-pkg
timeout 60 npm install evil-pkg
# Command chaining
cd /tmp && npm install evil-pkg
true; pip install evil-pkg
# Nested shells
bash -c "npm install evil-pkg"
# Environment variables
NODE_ENV=production npm install evil-pkg| Source | Severity | Action |
|---|---|---|
| Malware | Known malicious package (OSV MAL-*) |
Block — requires manual approval |
| CVE | CRITICAL or HIGH | Block — requires manual approval |
| CVE | MODERATE or unscored (UNKNOWN) | Ask — you decide |
| CVE | LOW | Allow — with warning |
| Supply Chain | Version < 72h / New package / Low downloads / Typosquat | Ask — you decide |
| None found | — | Allow |
Supply chain checks run in parallel with CVE checks (low added latency) and fail-open — if the registry is unreachable, installs proceed normally.
When you reference a package without a version (e.g. npx vite, npm install lodash),
PatchPilot resolves the current latest from the npm or PyPI registry before querying
OSV. This avoids surfacing patched CVEs from older versions as if they affected the
release you're about to install.
If the registry lookup fails (timeout, 404, network error), PatchPilot falls back to querying OSV without a version — preserving fail-closed behavior for unknown packages.
- Homebrew: OSV has no vulnerability database for Homebrew packages. Brew commands are detected but not checked.
- Private registries: Only public npm and PyPI packages are checked.
- Offline: Requires internet connection to query OSV API and package registries.
- Zero-day CVEs: Supply chain heuristics catch suspicious metadata patterns, but cannot detect all novel attack vectors.
- Local
npx <tool>: PatchPilot treatsnpx <tool>as a potential install. If the tool is already installed in./node_modules/.bin/, npx runs the local copy and nothing is downloaded — but the OSV check still runs against the latest published version.
# Clone
git clone https://github.com/ProduktEntdecker/patchpilot-cli.git
cd patchpilot-cli
# Install
npm install
# Test
npm test
# Build
npm run build
# Test locally
echo '{"hook_event_name":"PreToolUse","tool_name":"Bash","tool_input":{"command":"npm install lodash"}}' | npx tsx src/index.ts- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Please report security vulnerabilities privately - see SECURITY.md.
MIT - use it however you want.
- OSV - Open Source Vulnerabilities database by Google
- shell-quote - Shell command parsing