Install command
Provided
Comprehensive pre-commit hook that validates code quality, runs tests, and enforces standards.
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
0
78
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as source-backed.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
No package verification flag provided.
Checksum metadata
No checksum provided for downloaded artifact.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Provided
Config snippet
Provided
Copy snippet
Provided
Prerequisites
None
Platforms
1 listed
Difficulty
0/100
Adoption plan
Current risk score 16/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
No package verification/checksum metadata.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (5/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is missing.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
5/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is missing.
rollout
Install payload is available.
No required blockers for this timeline preset.
Safety & privacy surface
1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens, permissions & scopes.
#!/usr/bin/env bash
# Read the tool input from stdin
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
# Only run on git commit commands
if [[ "$COMMAND" != *"git commit"* ]]; then
exit 0
fi
echo "🔍 Running pre-commit validations..."
# Check for staged files
STAGED_FILES=$(git diff --cached --name-only 2>/dev/null || echo "")
if [ -z "$STAGED_FILES" ]; then
echo "No staged files to validate"
exit 0
fi
echo "Validating staged files: $STAGED_FILES"
# Check for forbidden files
echo "Checking for forbidden files..."
if echo "$STAGED_FILES" | grep -E "\.(env|DS_Store)$|node_modules/"; then
echo "❌ Forbidden files detected in staging area" >&2
echo "Remove .env, .DS_Store, or node_modules files before committing" >&2
exit 2
fi
# Check file sizes
echo "Checking file sizes..."
for file in $STAGED_FILES; do
if [ -f "$file" ]; then
size=$(wc -c < "$file")
if [ "$size" -gt 10485760 ]; then # 10MB limit
echo "⚠️ Large file detected: $file ($(($size / 1024 / 1024))MB)" >&2
fi
fi
done
# Run linting if available
if command -v npm &> /dev/null && [ -f "package.json" ]; then
echo "Running ESLint..."
npm run lint 2>/dev/null || echo "⚠️ Linting issues found" >&2
fi
# Run formatting if available
if command -v prettier &> /dev/null; then
echo "Running Prettier..."
prettier --check $STAGED_FILES 2>/dev/null || echo "⚠️ Formatting issues found" >&2
fi
# Run tests if available
if command -v npm &> /dev/null && [ -f "package.json" ]; then
echo "Running tests..."
npm test 2>/dev/null || echo "⚠️ Tests failed" >&2
fi
echo "✅ Pre-commit validation completed" >&2
exit 0{
"hooks": {
"preToolUse": {
"script": "./.claude/hooks/git-pre-commit-validator.sh",
"matchers": [
"git"
]
}
}
}.claude/settings.local.json~/.claude/settings.json.claude/settings.json{
"hooks": {
"preToolUse": {
"script": "./.claude/hooks/git-pre-commit-validator.sh",
"matchers": ["git"]
}
}
}
#!/usr/bin/env bash
# Read the tool input from stdin
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
# Only run on git commit commands
if [[ "$COMMAND" != *"git commit"* ]]; then
exit 0
fi
echo "🔍 Running pre-commit validations..."
# Check for staged files
STAGED_FILES=$(git diff --cached --name-only 2>/dev/null || echo "")
if [ -z "$STAGED_FILES" ]; then
echo "No staged files to validate"
exit 0
fi
echo "Validating staged files: $STAGED_FILES"
# Check for forbidden files
echo "Checking for forbidden files..."
if echo "$STAGED_FILES" | grep -E "\.(env|DS_Store)$|node_modules/"; then
echo "❌ Forbidden files detected in staging area" >&2
echo "Remove .env, .DS_Store, or node_modules files before committing" >&2
exit 2
fi
# Check file sizes
echo "Checking file sizes..."
for file in $STAGED_FILES; do
if [ -f "$file" ]; then
size=$(wc -c < "$file")
if [ "$size" -gt 10485760 ]; then # 10MB limit
echo "⚠️ Large file detected: $file ($(($size / 1024 / 1024))MB)" >&2
fi
fi
done
# Run linting if available
if command -v npm &> /dev/null && [ -f "package.json" ]; then
echo "Running ESLint..."
npm run lint 2>/dev/null || echo "⚠️ Linting issues found" >&2
fi
# Run formatting if available
if command -v prettier &> /dev/null; then
echo "Running Prettier..."
prettier --check $STAGED_FILES 2>/dev/null || echo "⚠️ Formatting issues found" >&2
fi
# Run tests if available
if command -v npm &> /dev/null && [ -f "package.json" ]; then
echo "Running tests..."
npm test 2>/dev/null || echo "⚠️ Tests failed" >&2
fi
echo "✅ Pre-commit validation completed" >&2
exit 0
Complete hook script that performs pre-commit validation before Git commits
#!/usr/bin/env bash
INPUT=$(cat)
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
if [[ "$COMMAND" != *"git commit"* ]]; then
exit 0
fi
STAGED_FILES=$(git diff --cached --name-only 2>/dev/null || echo "")
if [ -z "$STAGED_FILES" ]; then
exit 0
fi
echo "🔍 Running pre-commit validations..." >&2
if echo "$STAGED_FILES" | grep -E "\.(env|DS_Store)$|node_modules/"; then
echo "❌ Forbidden files detected in staging area" >&2
exit 1
fi
if command -v npm &> /dev/null && [ -f "package.json" ]; then
if grep -q '"lint"' package.json; then
npm run lint 2>/dev/null || exit 1
fi
fi
echo "✅ Pre-commit validation completed" >&2
exit 0
Complete hook configuration for .claude/settings.json to enable pre-commit validation
{
"hooks": {
"preToolUse": {
"script": "./.claude/hooks/git-pre-commit-validator.sh",
"matchers": ["git"]
}
}
}
Enhanced hook script for security scanning and sensitive file detection
#!/usr/bin/env bash
INPUT=$(cat)
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
if [[ "$COMMAND" != *"git commit"* ]]; then
exit 0
fi
STAGED_FILES=$(git diff --cached --name-only 2>/dev/null || echo "")
if [ -z "$STAGED_FILES" ]; then
exit 0
fi
SENSITIVE_PATTERNS=(".env" "*secret*" "*password*" "*key*" "id_rsa" "id_ed25519" "*.pem")
SENSITIVE_FOUND=false
for pattern in "${SENSITIVE_PATTERNS[@]}"; do
if echo "$STAGED_FILES" | grep -q "$pattern"; then
SENSITIVE_FOUND=true
echo "⚠️ Potentially sensitive file detected: $pattern" >&2
fi
done
if [ "$SENSITIVE_FOUND" = true ]; then
echo "❌ Security: Sensitive files detected in staging area" >&2
exit 1
fi
exit 0
Enhanced hook script for file size validation with Git LFS recommendations
#!/usr/bin/env bash
INPUT=$(cat)
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
if [[ "$COMMAND" != *"git commit"* ]]; then
exit 0
fi
STAGED_FILES=$(git diff --cached --name-only 2>/dev/null || echo "")
if [ -z "$STAGED_FILES" ]; then
exit 0
fi
MAX_SIZE=10485760
for file in $STAGED_FILES; do
if [ -f "$file" ]; then
size=$(wc -c < "$file" 2>/dev/null || echo "0")
if [ "$size" -gt "$MAX_SIZE" ]; then
size_mb=$((size / 1024 / 1024))
echo "⚠️ Large file detected: $file (${size_mb}MB)" >&2
if [ "$size" -gt 52428800 ]; then
echo "❌ File exceeds 50MB limit - consider using Git LFS" >&2
exit 1
fi
fi
fi
done
exit 0
Enhanced hook script for commit message format validation with conventional commits
#!/usr/bin/env bash
INPUT=$(cat)
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
if [[ "$COMMAND" != *"git commit"* ]]; then
exit 0
fi
COMMIT_MSG=$(git log -1 --pretty=%B 2>/dev/null || echo "")
if [ -n "$COMMIT_MSG" ]; then
if ! echo "$COMMIT_MSG" | grep -qE "^(feat|fix|docs|style|refactor|test|chore)(\(.+\))?:"; then
echo "⚠️ Commit message doesn't follow conventional format" >&2
echo "Expected format: type(scope): description" >&2
echo "Types: feat, fix, docs, style, refactor, test, chore" >&2
fi
fi
exit 0
Ensure script exits with exit 0 on success. Check that matchers pattern ['git'] doesn't intercept non-commit git commands like status or diff which should bypass validation. Verify command detection logic: 'if [["$COMMAND" != "git commit"]]; then exit 0; fi'. Test with different git commands to ensure only commits are validated.
Add existence check before running: '[ -f package.json ] && grep -q '"lint"' package.json' before npm run lint. Provide fallback or skip linting gracefully if unavailable. Check package.json for lint script: 'grep -q '"lint"' package.json'. Use conditional execution: 'if command -v npm &> /dev/null && [ -f package.json ] && grep -q '"lint"' package.json; then npm run lint; fi'.
Auto-fix formatting instead of blocking: 'prettier --write $STAGED_FILES && git add $STAGED_FILES'. Alternatively, set --warn-only flag to log issues without exit code. Use prettier --check for validation only. Consider using lint-staged for automatic formatting. Add SKIP_FORMAT environment variable for emergency overrides.
Run only tests related to changed files: 'npm test -- --findRelatedTests $STAGED_FILES'. Add timeout: 'npm test -- --maxWorkers=2 --bail' for faster feedback. Use test filtering: 'npm test -- --testPathPattern=$(echo $STAGED_FILES | tr ' ' '|')'. Consider using SKIP_TESTS environment variable for local development. Add test timeout limits.
Check if file is new vs modified: 'git diff --cached --diff-filter=A' to detect additions only. Skip size check for existing tracked files to avoid retroactive enforcement. Use 'git ls-files --cached' to check if file is already tracked. Add logic to skip size validation for modified files: 'if git ls-files --error-unmatch "$file" &> /dev/null; then continue; fi'.
Refine sensitive file patterns to avoid false positives. Use whitelist for known safe files: 'if echo "$file" | grep -qE "(test|spec|example|sample)"; then continue; fi'. Add configuration file for custom patterns. Use git-secrets or similar tools for more accurate detection. Consider using SKIP_SECURITY environment variable for development.
Customize commit message patterns based on project requirements. Use environment variable for custom patterns: 'COMMIT_MSG_PATTERN'. Add project-specific configuration file. Make validation optional with SKIP_COMMIT_MSG environment variable. Support multiple commit message formats. Use case-insensitive matching for flexibility.
Use version pinning for validation tools. Check tool versions before running: 'eslint --version'. Add version compatibility checks. Use Docker containers for consistent environments. Consider using pre-commit framework for tool management. Add SKIP_VALIDATION environment variable for CI/CD overrides. Document required tool versions.
Git Pre Commit Validator - Hooks side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Comprehensive pre-commit hook that validates code quality, runs tests, and enforces standards. Open dossier | Validates AWS CloudFormation templates for syntax errors and best practices using cfn-lint v1.40.4+ and AWS CLI v2.27.54+. Open dossier | Validates environment variables, checks for required vars, and ensures proper configuration across environments. Open dossier | Automatically commits all changes with a summary when Claude Code session ends. Open dossier |
|---|---|---|---|---|
| Next steps | ||||
| Trust | ||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified | Package not verified |
| Source provenance | Source-backed | Source-backed | Source-backed | Source-backed |
| Submitter | — | — | — | — |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — | |
| Category | hooks | hooks | hooks | hooks |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | JSONbored | JSONbored | JSONbored | JSONbored |
| Added | 2025-09-16 | 2025-09-19 | 2025-09-16 | 2025-09-19 |
| Platforms | Claude Code | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs automatically at session end and stages all unignored repository changes with git add -A. Creates a local commit when changes are present unless SKIP_AUTO_COMMIT=true is set. Only warns on sensitive-looking filenames and does not block the commit by default. |
| Privacy notes | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Reads git status, branch name, staged diff statistics, and changed file names to build the commit message. Can commit newly created or modified local files, including private work, when they are not excluded by .gitignore. Commit metadata uses the locally configured git user name and email. |
| Prerequisites | — none listed | — none listed | — none listed | — none listed |
| Install | | | | |
| Config | | | | |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Source-backed guides for putting this to work.
Set autoMode.hard_deny rules to block risky actions in auto mode.
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.