Skip to main content
Claude Code hooks · hooks · 12 picks

Best Claude Code hooks for safer agent workflows

Reviewed hooks for testing, security, repository hygiene, and repeatable Claude Code automation.

Curated by @heyclaude-editors Updated 2026-07-18

Reviewed hooks for testing, security, repository hygiene, and repeatable Claude Code automation.

Short answer

Pick a hook by the event it fires on and what it executes. Most hooks run on PostToolUse — ideal for linting, tests, and formatting after Claude edits a file — while Stop and Notification hooks gate or announce session events. Favor hooks that document their safety and privacy behavior and install as a project-local shell script you can read before enabling.

How to choose

Hook event
Match the trigger to your workflow: PostToolUse for checks after edits, Stop to gate session end, Notification for alerts.
Disclosed behavior
Hooks run shell commands automatically. Read the documented safety and privacy notes — what each hook executes and what data it reads — before enabling it.
Source you can verify
Prefer source-backed hooks whose script is in a public repository you can review.
Setup footprint
Most install as a single project-local .claude/hooks script with no extra prerequisites.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

Field

Comprehensive pre-commit hook that validates code quality, runs tests, and enforces standards.

Open dossier

A PostToolUse hook that runs the matching test runner for a changed file's language — Jest or Vitest for JS/TS, pytest for Python, go test, or Maven/Gradle for Java — scoped to the edited file.

Open dossier

Automatically checks for outdated dependencies and suggests updates with security analysis. This PostToolUse hook triggers when dependency manifest files (package.json, requirements.txt, Gemfile, go.mod, Cargo.toml, pyproject.toml) are modified, providing real-time dependency health monitoring.

Open dossier

Automatically commits all changes with a summary when Claude Code session ends.

Open dossier

Automatically updates Jest snapshots when component files are modified significantly.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backedSource-backed
Submitter
Install riskReview firstReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
Brand
Categoryhookshookshookshookshooks
SourceSource-backedSource-backedSource-backedSource-backedSource-backed
AuthorJSONboredJSONboredJSONboredJSONboredJSONbored
Added2025-09-162025-09-162025-09-162025-09-192025-09-19
Platforms
Harness
Source repo
Safety notesRuns automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling.Runs your project's test command automatically after each edit; tests execute arbitrary project code, so enable this only in a trusted repo and expect it to run frequently. The script invokes whichever runner it detects (npm test, npx vitest, pytest, go test, mvn/gradle); make sure the right one is installed so it does not run an unexpected command.Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling.Runs automatically at session end and stages all unignored repository changes with git add -A. Creates a local commit when changes are present unless SKIP_AUTO_COMMIT=true is set. Only warns on sensitive-looking filenames and does not block the commit by default.Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling.
Privacy notesReceives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output.Runs locally and prints test output to the hook; that output can include file paths, test names, and any data your tests log.Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output.Reads git status, branch name, staged diff statistics, and changed file names to build the commit message. Can commit newly created or modified local files, including private work, when they are not excluded by .gitignore. Commit metadata uses the locally configured git user name and email.Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output.
Prerequisites— none listed— none listed— none listed— none listed— none listed
Install
mkdir -p .claude/hooks && touch .claude/hooks/git-pre-commit-validator.sh && chmod +x .claude/hooks/git-pre-commit-validator.sh
mkdir -p .claude/hooks && touch .claude/hooks/code-test-runner-hook.sh && chmod +x .claude/hooks/code-test-runner-hook.sh
mkdir -p .claude/hooks && touch .claude/hooks/dependency-update-checker.sh && chmod +x .claude/hooks/dependency-update-checker.sh
mkdir -p .claude/hooks && touch .claude/hooks/git-auto-commit-on-stop.sh && chmod +x .claude/hooks/git-auto-commit-on-stop.sh
mkdir -p .claude/hooks && touch .claude/hooks/jest-snapshot-auto-updater.sh && chmod +x .claude/hooks/jest-snapshot-auto-updater.sh
Config
{
  "hooks": {
    "preToolUse": {
      "script": "./.claude/hooks/git-pre-commit-validator.sh",
      "matchers": [
        "git"
      ]
    }
  }
}
{
  "hooks": {
    "postToolUse": {
      "script": "./.claude/hooks/code-test-runner-hook.sh",
      "matchers": [
        "write",
        "edit",
        "multiedit"
      ]
    }
  }
}
{
  "hooks": {
    "postToolUse": {
      "script": "./.claude/hooks/dependency-update-checker.sh",
      "matchers": [
        "write",
        "edit"
      ]
    }
  }
}
{
  "hooks": {
    "stop": {
      "script": "./.claude/hooks/git-auto-commit-on-stop.sh"
    }
  }
}
{
  "hooks": {
    "postToolUse": {
      "script": "./.claude/hooks/jest-snapshot-auto-updater.sh",
      "matchers": [
        "write",
        "edit"
      ]
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    Git Pre Commit Validator - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  2. 02
    Why it made the cut

    Code Test Runner Hook - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    Why it made the cut

    Dependency Update Checker - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  4. 04
    Why it made the cut

    Git Auto Commit On Stop - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  5. 05
    Why it made the cut

    Jest Snapshot Auto Updater - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  6. 06
    Why it made the cut

    Playwright Test Runner - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  7. 07
    Why it made the cut

    React Test Generator is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  8. 08
    Why it made the cut

    Security Scanner Hook - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  9. 09
    Why it made the cut

    Test Runner Hook - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  10. 10
    Why it made the cut

    Accessibility Checker - Claude Code Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  11. 11
    Why it made the cut

    Dependency Security Audit is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  12. 12
    Why it made the cut

    Docker Image Security Scanner - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.