registry  /  @hasna/hooks  /  0.3.3

@hasna/hooks@0.3.3

Open source hooks library for AI coding agents - Install safety, quality, and automation hooks with a single command

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI-agent hook manager with explicit commands that register first-party hooks into agent settings. Risk is lifecycle/control-surface extension when a user invokes setup, not malicious install-time hijack.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm postinstall creates package-owned profile dir; user-invoked hooks install/MCP setup registers hooks; runtime hooks execute on agent events
Impact
Can add hook commands to agent settings and run local formatter/knowledge/helper commands during configured agent lifecycle events.
Mechanism
first-party agent hook registration and local command execution
Rationale
Static source inspection shows agent control-surface writes and command execution are package-aligned and user-invoked, with no unconsented install-time broad agent config mutation or exfiltration. Because it is an agent hook framework with lifecycle extension capability, warn rather than block.
Evidence
package.jsonbin/index.jshooks/hook-knowledge-context/src/hook.tshooks/hook-autoformat/src/hook.ts$HOME/.hasna/hooks/profiles~/.claude/settings.json.claude/settings.json~/.gemini/settings.json.gemini/settings.jsonexplicit --codewith-config path
Network endpoints3
registry.npmjs.orggithub.com/hasna/hooks#readmegithub.com/hasna/hooks/issues

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json has postinstall creating $HOME/.hasna/hooks/profiles.
  • bin/index.js install command can write ~/.claude/settings.json or .claude/settings.json with hooks run entries.
  • bin/index.js supports explicit Codewith config writes only with --apply-codewith and --codewith-config.
  • hooks/hook-knowledge-context/src/hook.ts spawns configurable local knowledge command during hook events.
  • hooks/hook-autoformat/src/hook.ts runs local formatters/bunx after Edit/Write events.
Evidence against
  • No install-time mutation of ~/.claude, ~/.gemini, or ~/.codewith settings found.
  • Agent config mutation is under explicit hooks install/MCP setup commands, not npm postinstall.
  • Codewith default install returns a TOML fragment and refuses default ~/.codewith writes.
  • Knowledge hook redacts secrets, bounds query/output, and does not call network APIs directly.
  • No credential harvesting, hidden remote payload download, destructive lifecycle script, or exfiltration endpoint found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 75 file(s), 870 KB of source, external domains: console.anthropic.com, ntfy.sh, registry.npmjs.org

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = mkdir -p $HOME/.hasna/hooks/profiles 2>/dev/null || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = mkdir -p $HOME/.hasna/hooks/profiles 2>/dev/null || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/index.jsView file
628var EventEmitter = __require("events").EventEmitter; L629: var childProcess = __require("child_process"); L630: var path = __require("path");
High
Child Process

Package source references child process execution.

bin/index.jsView on unpkg · L628
1070} L1071: const execArgv = process2.execArgv ?? []; L1072: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) {
High
Shell

Package source references shell execution.

bin/index.jsView on unpkg · L1070
52Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network, execution+network L52: class CommanderError extends Error { L53: constructor(exitCode, code, message) { L54: super(message); ... L628: var EventEmitter = __require("events").EventEmitter; L629: var childProcess = __require("child_process"); L630: var path = __require("path"); ... L673: this._outputConfiguration = { L674: writeOut: (str) => process2.stdout.write(str), L675: writeErr: (str) => process2.stderr.write(str), ... L4068: return codewithConfigPath; L4069: if (target === "codewith" && process.env.HASNA_HOOKS_CODEWITH_CONFIG_PATH) { L4070: return process.env.HASNA_HOOKS_CODEWITH_CONFIG_PATH;
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/index.jsView on unpkg · L52
hooks/hook-autoformat/src/hook.tsView file
8* L9: * - .prettierrc / prettier in package.json → bunx prettier --write <file> L10: * - biome.json → bunx biome format --write <file> ... L17: import { join, extname } from "path"; L18: import { execSync } from "child_process"; L19:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

hooks/hook-autoformat/src/hook.tsView on unpkg · L8
hooks/hook-knowledge-context/src/hook.tsView file
matchType = previous_version_dangerous_delta matchedPackage = @hasna/hooks@0.3.1 matchedIdentity = npm:QGhhc25hL2hvb2tz:0.3.1 similarity = 0.973 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

hooks/hook-knowledge-context/src/hook.tsView on unpkg

Findings

1 Critical5 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltahooks/hook-knowledge-context/src/hook.ts
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/index.js
HighShellbin/index.js
HighEntrypoint Build Divergencebin/index.js
HighRuntime Package Installhooks/hook-autoformat/src/hook.ts
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings