Best Claude Code hooks for safer agent workflows
Reviewed hooks for testing, security, repository hygiene, and repeatable Claude Code automation.
Reviewed hooks for testing, security, repository hygiene, and repeatable Claude Code automation.
Pick a hook by the event it fires on and what it executes. Most hooks run on PostToolUse — ideal for linting, tests, and formatting after Claude edits a file — while Stop and Notification hooks gate or announce session events. Favor hooks that document their safety and privacy behavior and install as a project-local shell script you can read before enabling.
How to choose
- Hook event
- Match the trigger to your workflow: PostToolUse for checks after edits, Stop to gate session end, Notification for alerts.
- Disclosed behavior
- Hooks run shell commands automatically. Read the documented safety and privacy notes — what each hook executes and what data it reads — before enabling it.
- Source you can verify
- Prefer source-backed hooks whose script is in a public repository you can review.
- Setup footprint
- Most install as a single project-local .claude/hooks script with no extra prerequisites.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
| Field | Comprehensive pre-commit hook that validates code quality, runs tests, and enforces standards. Open dossier | A PostToolUse hook that runs the matching test runner for a changed file's language — Jest or Vitest for JS/TS, pytest for Python, go test, or Maven/Gradle for Java — scoped to the edited file. Open dossier | Automatically checks for outdated dependencies and suggests updates with security analysis. This PostToolUse hook triggers when dependency manifest files (package.json, requirements.txt, Gemfile, go.mod, Cargo.toml, pyproject.toml) are modified, providing real-time dependency health monitoring. Open dossier | Automatically commits all changes with a summary when Claude Code session ends. Open dossier | Automatically updates Jest snapshots when component files are modified significantly. Open dossier |
|---|---|---|---|---|---|
| Next steps | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified | Package not verified | Package not verified |
| Source provenance | Source-backed | Source-backed | Source-backed | Source-backed | Source-backed |
| Submitter | — | — | — | — | — |
| Install risk | Review first | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — | — | — |
| Category | hooks | hooks | hooks | hooks | hooks |
| Source | Source-backed | Source-backed | Source-backed | Source-backed | Source-backed |
| Author | JSONbored | JSONbored | JSONbored | JSONbored | JSONbored |
| Added | 2025-09-16 | 2025-09-16 | 2025-09-16 | 2025-09-19 | 2025-09-19 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs your project's test command automatically after each edit; tests execute arbitrary project code, so enable this only in a trusted repo and expect it to run frequently. The script invokes whichever runner it detects (npm test, npx vitest, pytest, go test, mvn/gradle); make sure the right one is installed so it does not run an unexpected command. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs automatically at session end and stages all unignored repository changes with git add -A. Creates a local commit when changes are present unless SKIP_AUTO_COMMIT=true is set. Only warns on sensitive-looking filenames and does not block the commit by default. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. |
| Privacy notes | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Runs locally and prints test output to the hook; that output can include file paths, test names, and any data your tests log. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Reads git status, branch name, staged diff statistics, and changed file names to build the commit message. Can commit newly created or modified local files, including private work, when they are not excluded by .gitignore. Commit metadata uses the locally configured git user name and email. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. |
| Prerequisites | — none listed | — none listed | — none listed | — none listed | — none listed |
| Install | | | | | |
| Config | | | | | |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
Git Pre Commit Validator - Hooks
Comprehensive pre-commit hook that validates code quality, runs tests, and enforces standards.
Trigger:PreToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGit Pre Commit Validator - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 02
Code Test Runner Hook - Hooks
After an edit, runs the right test runner for that file — Jest/Vitest, pytest, go test, or Maven/Gradle — against the related tests.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCode Test Runner Hook - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 03
Dependency Update Checker - Hooks
Automatically checks for outdated dependencies and suggests updates with security analysis.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutDependency Update Checker - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 04
Git Auto Commit On Stop - Hooks
Automatically commits all changes with a summary when Claude Code session ends.
Trigger:StopAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGit Auto Commit On Stop - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 05
Jest Snapshot Auto Updater - Hooks
Automatically updates Jest snapshots when component files are modified significantly.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutJest Snapshot Auto Updater - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 06
Playwright Test Runner - Hooks
Automatically runs Playwright E2E tests when test files or page components are modified.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutPlaywright Test Runner - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 07
React Test Generator
Automatically creates or updates test files when React components are modified.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutReact Test Generator is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 08
Security Scanner Hook - Hooks
Automated security vulnerability scanning that integrates with development workflow to detect and prevent security issues before deployment.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutSecurity Scanner Hook - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 09
Test Runner Hook - Hooks
Automatically run relevant tests when code changes are detected, with intelligent test selection and parallel execution.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutTest Runner Hook - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 10
Accessibility Checker - Claude Code Hooks
Automated accessibility testing and compliance checking for web applications following WCAG 2.1 and WCAG 2.2 guidelines.
Trigger:PostToolUseAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutAccessibility Checker - Claude Code Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 11
Dependency Security Audit
Stop hook that runs npm audit, pip-audit, safety, or bundler-audit at session end and saves a timestamped CVE report.
Trigger:StopAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutDependency Security Audit is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 12
Docker Image Security Scanner - Hooks
Comprehensive Docker image vulnerability scanning with layer analysis, base image recommendations, and security best practices enforcement.
Trigger:PostToolUseAdded 9mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutDocker Image Security Scanner - Hooks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.