Marketplace

attach-dev

Supply-chain security plugins for AI coding agents

npx claudepluginhub attach-dev/attach-guard

README

View full README on GitHub

1 Plugin

attach-guard

8·

Supply-chain security guard that intercepts package install commands across npm, pnpm, pip, go, and cargo ecosystems and enforces package risk policies before execution.

1mo

v0.3.0

attach-dev

Related Marketplaces

antigravity-awesome-skills

37.1K

0plugins

Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.

claude-code-workflows

35.1K

0plugins

Production-ready workflow orchestration with 80 focused plugins, 185 specialized agents, and 153 skills - optimized for granular installation and minimal token usage

claude-plugins-official

19.0K

0plugins

Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations

Stats

Plugins1

Stars8

UpdatedMay 11, 2026

Links

View on GitHub View Marketplace JSON

Help us improve

Share bugs, ideas, or general feedback.

attach-guard

Supply chain security plugin for Claude Code. Blocks compromised packages before they're installed.

The Problem

Claude Code installs packages on your behalf — often without you reviewing each one. Existing security tools scan after the fact or rely on advisory prompts that Claude can skip. There is no open-source guardrail that sits directly in front of package install commands and blocks risky packages before they execute.

What attach-guard Does

attach-guard is a Claude Code plugin that intercepts package installation commands and evaluates them against policy before execution. It is not an advisory scanner. It is a hard enforcement boundary.

Installs as a Claude Code plugin — no manual hook configuration needed
Intercepts npm install, pnpm add, pip install, go get, and cargo add commands via PreToolUse hooks
Checks package scores, age, and alerts via Socket.dev
Denies known malware and low-score packages automatically
Asks for confirmation on gray-band packages
Rewrites unpinned installs to safe pinned versions when possible
Fails closed when the provider is unavailable
Logs every decision to a local JSONL audit trail

Smart Version Replacement: Block Without Breaking Flow

Most security tools just say "no." attach-guard says "no, but here's a safe alternative."

When a risky version is blocked, attach-guard finds the newest version that passes policy and offers it as a replacement. Claude sees the safe alternative and can proceed immediately — your flow doesn't stop, it gets redirected to a safe path.

npm — axios v1.14.1 and v0.30.4 were compromised versions published via a hijacked maintainer account:

> npm install axios

attach-guard evaluates:
  axios@1.14.1  -->  DENY (supply chain score 40, below threshold 50 — compromised version)
  axios@1.14.0  -->  ALLOW (supply chain score 71, passes all policy checks)

Result: ASK + rewritten command
  "npm install axios@1.14.0"

pip — litellm v1.82.7 and v1.82.8 were malicious versions published to PyPI:

> pip install litellm

attach-guard evaluates:
  litellm==1.82.8  -->  DENY (compromised version)
  litellm==1.82.6  -->  ALLOW (passes all policy checks)

Result: ASK + rewritten command
  "pip install litellm==1.82.6"

These are real examples — attach-guard blocks compromised versions automatically based on their supply chain scores.

Scenario	Example	Decision	What happens
Package is safe	`npm install axios@1.14.0`	Allow	Install proceeds normally
Pinned to compromised version	`pip install litellm==1.82.8`	Deny	Blocked — compromised version
Unpinned, latest is risky	`npm install axios`	Ask + rewrite	Safe alternative offered: `axios@1.14.0`
All versions fail	malware-only package	Deny	Blocked with clear explanation

This works across all supported ecosystems — the rewrite uses the native pinning syntax for each:

Ecosystem	Unpinned command	Rewritten command
npm / pnpm	`npm install axios`	`npm install axios@1.14.0`
pip	`pip install litellm`	`pip install litellm==1.82.6`
Go	`go get golang.org/x/net`	`go get golang.org/x/net@v0.25.0`
Cargo	`cargo add serde`	`cargo add serde@=1.0.200`

Your flow only fully stops when there is genuinely no safe version to offer.

Why a Hook, Not a Skill or MCP

attach-guard uses Claude Code hooks — not skills or MCP servers. The distinction matters:

Hooks run automatically on every matching tool call. They enforce rules deterministically — Claude cannot skip or override them.
Skills are instructions Claude follows when invoked. They guide behavior but cannot block actions.
MCP servers provide advisory context. They inform but do not enforce.

Security enforcement requires interception at the tool-call boundary, before execution. Hooks are the only Claude Code extension point that guarantees this.

Installation

Quick Start: Claude Code Plugin

The fastest way to try attach-guard. Requires a Socket.dev API token (free tier available).

# Add the marketplace and install (one-time)
claude plugin marketplace add attach-dev/attach-guard
claude plugin install attach-guard@attach-dev

Or from within a Claude Code session:

/plugin marketplace add attach-dev/attach-guard
/plugin install attach-guard@attach-dev

During installation or enablement, Claude Code will prompt for your Socket API token (stored securely in your system keychain). Get a free token at socket.dev.