Security scanner for vibe coders. Automatically checks npm, pip, and brew packages for vulnerabilities before Claude Code installs them.
PatchPilot is a Claude Code pre-execution hook that intercepts install commands:

```text
You: "install lodash for me"
        ↓
Claude: "npm install lodash@4.17.0"
        ↓
PatchPilot: Checks OSV database
        ↓
BLOCKED: 4 vulnerabilities found (1 critical, 3 high)
```
Uses the OSV (Open Source Vulnerabilities) database - the same data source as npm audit.
```shell
npm install -g patchpilot
```

Add to your Claude Code settings (`~/.claude/settings.json`):

```json
{
  "hooks": {
    "PreToolUse": [{
      "matcher": "Bash",
      "hooks": [{
        "type": "command",
        "command": "patchpilot",
        "timeout": 10
      }]
    }]
  }
}
```

Or use npx (no global install):
```json
{
  "hooks": {
    "PreToolUse": [{
      "matcher": "Bash",
      "hooks": [{
        "type": "command",
        "command": "npx patchpilot",
        "timeout": 15
      }]
    }]
  }
}
```

| Ecosystem | Commands |
|---|---|
| npm | npm install, npm i, npm add, pnpm install, pnpm add, yarn add, bun add, bun install |
| Python | pip install, pip3 install, pipx install, poetry add, uv pip install, python -m pip install |
| Homebrew | brew install, brew reinstall, brew upgrade (note: no vulnerability data available) |
Also detects packages run via:

- `npx <package>`
- `bunx <package>`
- `npm exec <package>`
Detects packages even when hidden behind:

```shell
# Command wrappers
sudo npm install evil-pkg
env npm install evil-pkg
timeout 60 npm install evil-pkg

# Command chaining
cd /tmp && npm install evil-pkg
true; pip install evil-pkg

# Nested shells
bash -c "npm install evil-pkg"

# Environment variables
NODE_ENV=production npm install evil-pkg
```

| Severity | Action |
|---|---|
| CRITICAL or HIGH | Block - requires manual approval |
| MODERATE or LOW | Allow - with warning message |
| None found | Allow |
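The wrapper, chaining and nested-shell detection listed above, as an added JavaScript example that is not PatchPilot's own code (the project parses commands with shell-quote; this block uses a small hand-written tokenizer instead). The function names (`findInstalls`, `parseSpec`, `unwrap`) are this example's own, the recognised commands are the ones from the ecosystem table, and the ecosystem labels use OSV's `npm` and `PyPI` names plus `Homebrew` for brew.

```javascript
// Added example (not PatchPilot's code): simplified install-command detection.
// Splits a Bash line at chaining operators, peels off wrappers and VAR=value
// prefixes, recurses into `bash -c "..."`, and reports the packages each
// install command would fetch. Not handled: subshells, `npx -p pkg`, heredocs.

// Split at top-level `&&`, `||`, `;`, `|`, `&` and newlines; operators inside
// quotes are left alone so `bash -c "a && b"` stays a single segment.
function splitSegments(cmd) {
  const segments = [];
  let cur = '';
  let quote = null;
  for (let i = 0; i < cmd.length; i++) {
    const ch = cmd[i];
    if (quote) {
      cur += ch;
      if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") {
      quote = ch; cur += ch;
    } else if (ch === '&' || ch === '|' || ch === ';' || ch === '\n') {
      segments.push(cur); cur = '';
      if ((ch === '&' || ch === '|') && cmd[i + 1] === ch) i++; // swallow second char of && or ||
    } else {
      cur += ch;
    }
  }
  segments.push(cur);
  return segments.map((s) => s.trim()).filter(Boolean);
}

// Whitespace tokenizer that strips matching single/double quotes.
function tokenize(segment) {
  const tokens = [];
  let cur = '';
  let quote = null;
  let inToken = false;
  for (const ch of segment) {
    if (quote) {
      if (ch === quote) quote = null; else cur += ch;
    } else if (ch === '"' || ch === "'") {
      quote = ch; inToken = true;
    } else if (/\s/.test(ch)) {
      if (inToken) { tokens.push(cur); cur = ''; inToken = false; }
    } else {
      cur += ch; inToken = true;
    }
  }
  if (inToken) tokens.push(cur);
  return tokens;
}

const WRAPPERS = new Set(['sudo', 'env', 'timeout', 'nice', 'command']);
const SHELLS = new Set(['bash', 'sh', 'zsh']);

// Drop VAR=value prefixes and wrapper commands (plus the wrapper's own flags
// and, for timeout, its duration argument) until the real command is reached.
function unwrap(tokens) {
  const t = tokens.slice();
  while (t.length) {
    if (/^[A-Za-z_][A-Za-z0-9_]*=/.test(t[0])) { t.shift(); continue; }
    if (!WRAPPERS.has(t[0])) break;
    const wrapper = t.shift();
    while (t.length && t[0].startsWith('-')) t.shift();
    if (wrapper === 'timeout') t.shift();
  }
  return t;
}

// Install commands from the table above: leading tokens -> ecosystem label.
const INSTALL_COMMANDS = [
  [['npm', 'install'], 'npm'], [['npm', 'i'], 'npm'], [['npm', 'add'], 'npm'],
  [['npm', 'exec'], 'npm'], [['npx'], 'npm'], [['bunx'], 'npm'],
  [['pnpm', 'install'], 'npm'], [['pnpm', 'add'], 'npm'], [['yarn', 'add'], 'npm'],
  [['bun', 'add'], 'npm'], [['bun', 'install'], 'npm'],
  [['pip', 'install'], 'PyPI'], [['pip3', 'install'], 'PyPI'], [['pipx', 'install'], 'PyPI'],
  [['poetry', 'add'], 'PyPI'], [['uv', 'pip', 'install'], 'PyPI'], [['python', '-m', 'pip', 'install'], 'PyPI'],
  [['brew', 'install'], 'Homebrew'], [['brew', 'reinstall'], 'Homebrew'], [['brew', 'upgrade'], 'Homebrew'],
];
// Runners where only the first positional argument names a package.
const SINGLE_PACKAGE = new Set(['npx', 'bunx', 'npm exec']);

// Separate `name@version` (npm, scoped packages included) and `name==version` (PyPI).
function parseSpec(ecosystem, spec) {
  if (ecosystem === 'npm') {
    const at = spec.lastIndexOf('@');
    return at > 0 ? { name: spec.slice(0, at), version: spec.slice(at + 1) } : { name: spec, version: null };
  }
  if (ecosystem === 'PyPI') {
    const m = spec.match(/^([A-Za-z0-9_.-]+)==(.+)$/);
    return m ? { name: m[1], version: m[2] } : { name: spec.replace(/[<>=!~\[].*$/, ''), version: null };
  }
  return { name: spec, version: null };
}

// Every { ecosystem, name, version } an install command in `command` would fetch.
function findInstalls(command) {
  const found = [];
  for (const segment of splitSegments(command)) {
    const tokens = unwrap(tokenize(segment));
    if (tokens.length === 0) continue;
    if (SHELLS.has(tokens[0]) && tokens[1] === '-c' && tokens[2] !== undefined) {
      found.push(...findInstalls(tokens[2])); // nested shell: scan the inner command line
      continue;
    }
    for (const [prefix, ecosystem] of INSTALL_COMMANDS) {
      if (!prefix.every((word, i) => tokens[i] === word)) continue;
      const args = tokens.slice(prefix.length).filter((a) => !a.startsWith('-'));
      const specs = SINGLE_PACKAGE.has(prefix.join(' ')) ? args.slice(0, 1) : args;
      for (const spec of specs) found.push({ ecosystem, ...parseSpec(ecosystem, spec) });
      break;
    }
  }
  return found;
}
```

`findInstalls('bash -c "npm install evil-pkg && pip install requests==2.31.0"')` returns one npm entry and one PyPI entry with version `2.31.0`; the result for a pinned spec carries the version so the OSV query can be scoped to it, while an unpinned one carries `null`, which is where the registry lookup described below comes in.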
When you reference a package without a version (e.g. `npx vite`, `npm install lodash`),
PatchPilot resolves the current latest from the npm or PyPI registry before querying
OSV. This avoids surfacing patched CVEs from older versions as if they affected the
release you're about to install.

If the registry lookup fails (timeout, 404, network error), PatchPilot falls back to querying OSV without a version, preserving fail-closed behavior for unknown packages.
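The version-resolution fallback and the severity policy above, as an added example that is not PatchPilot's own code. It assumes the OSV `/v1/query` request shape (`package.name`, `package.ecosystem`, optional `version`) and reads each advisory's severity from `database_specific.severity`, the field GitHub-sourced OSV advisories carry; the registry lookup is injected as a function so the block runs offline, and the exit codes follow Claude Code's hook convention (exit 2 blocks and returns stderr to Claude), which this page does not state. The sample resolver and OSV-shaped response are constructed for the example.

```javascript
// Added example (not PatchPilot's code): version fallback + severity policy.
// `resolveLatest(ecosystem, name)` stands in for the npm/PyPI registry call a
// real hook would make; it returns a version string or throws on failure.

const OSV_QUERY_URL = 'https://api.osv.dev/v1/query';

// Decide which OSV query to send. A pinned version is used as-is; an unpinned
// package is resolved to the registry's latest release; if that lookup fails
// (timeout, 404, network error) the version field is omitted, so OSV reports
// every advisory filed for the package (fail-closed for unknown packages).
function planOsvQuery(ecosystem, name, pinnedVersion, resolveLatest) {
  let version = pinnedVersion;
  let note = 'pinned';
  if (!version) {
    try {
      version = resolveLatest(ecosystem, name);
      note = version ? 'resolved-latest' : 'unversioned-fallback';
    } catch (err) {
      version = null;
      note = 'unversioned-fallback';
    }
  }
  const body = { package: { name, ecosystem } };
  if (version) body.version = version;
  return { url: OSV_QUERY_URL, body, note };
}

// Severity label of one OSV advisory. GitHub-sourced advisories carry it in
// database_specific.severity (CRITICAL/HIGH/MODERATE/LOW); some sources write
// MEDIUM for MODERATE. Unlabelled advisories count as HIGH here, an assumption
// made for this example so that unknowns fail closed.
const RANK = { CRITICAL: 4, HIGH: 3, MODERATE: 2, LOW: 1 };
function severityOf(vuln) {
  const raw = ((vuln.database_specific && vuln.database_specific.severity) || '').toUpperCase();
  const label = raw === 'MEDIUM' ? 'MODERATE' : raw;
  return RANK[label] ? label : 'HIGH';
}

// Apply the severity table to the `vulns` array of an OSV response.
// Exit 2 = block and feed the message to Claude via stderr (Claude Code hook
// convention, not from this page); exit 0 = let the command proceed.
function decide(osvResponse) {
  const vulns = osvResponse.vulns || [];
  const counts = { CRITICAL: 0, HIGH: 0, MODERATE: 0, LOW: 0 };
  for (const v of vulns) counts[severityOf(v)] += 1;
  const total = vulns.length;
  if (counts.CRITICAL + counts.HIGH > 0) {
    return { action: 'block', exitCode: 2,
      message: `BLOCKED: ${total} vulnerabilities found (${counts.CRITICAL} critical, ${counts.HIGH} high)` };
  }
  if (total > 0) {
    return { action: 'warn', exitCode: 0,
      message: `WARNING: ${total} vulnerabilities found (${counts.MODERATE} moderate, ${counts.LOW} low)` };
  }
  return { action: 'allow', exitCode: 0, message: '' };
}

// Constructed sample data: a resolver that knows one package and fails for the
// rest, and an OSV-shaped response with one critical and three high advisories
// (one of them unlabelled, to show the fail-closed default).
const sampleResolver = (ecosystem, name) => {
  if (ecosystem === 'npm' && name === 'lodash') return '4.17.21';
  throw new Error('registry lookup failed');
};
const sampleResponse = {
  vulns: [
    { id: 'EXAMPLE-0001', database_specific: { severity: 'CRITICAL' } },
    { id: 'EXAMPLE-0002', database_specific: { severity: 'HIGH' } },
    { id: 'EXAMPLE-0003', database_specific: { severity: 'high' } },
    { id: 'EXAMPLE-0004' },
  ],
};
```

`planOsvQuery('npm', 'evil-pkg', null, sampleResolver)` yields a body without a `version` key and the note `unversioned-fallback`, while `decide(sampleResponse)` returns `exitCode: 2` with the message `BLOCKED: 4 vulnerabilities found (1 critical, 3 high)`; a real hook would `process.stderr.write(message)` and `process.exit(exitCode)`.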
- Homebrew: OSV has no vulnerability database for Homebrew packages. Brew commands are detected but not checked.
- Private registries: Only public npm and PyPI packages are checked.
- Offline: Requires an internet connection to query the OSV API.
- Local `npx <tool>`: PatchPilot treats `npx <tool>` as a potential install. If the tool is already installed in `./node_modules/.bin/`, npx runs the local copy and nothing is downloaded, but the OSV check still runs against the latest published version.
```shell
# Clone
git clone https://github.com/ProduktEntdecker/patchpilot-cli.git
cd patchpilot-cli

# Install
npm install

# Test
npm test

# Build
npm run build

# Test locally
echo '{"hook_event_name":"PreToolUse","tool_name":"Bash","tool_input":{"command":"npm install lodash"}}' | npx tsx src/index.ts
```

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
Please report security vulnerabilities privately - see SECURITY.md.
MIT - use it however you want.
- OSV - Open Source Vulnerabilities database by Google
- shell-quote - Shell command parsing