Claude Code

Integrate brin with Claude Code hooks to automatically scan packages installed by AI agents

Claude Code's hooks system lets you intercept and control agent actions. By using the PreToolUse hook, you can automatically route all package installations through brin for security scanning.

Prerequisites

Setup

Choose one of the three options below based on your needs.

Option A uses a bash script for fast, deterministic behavior.

1. Create the hooks configuration

Create .claude/settings.json in your project root:

JSON
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": ".claude/hooks/brin-gateway.sh"
          }
        ]
      }
    ]
  }
}

2. Create the hook script

Create .claude/hooks/brin-gateway.sh:

Bash
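#!/bin/bash
# Read the hook payload (JSON on stdin) and extract the Bash command string.
input=$(cat)
cmd=$(echo "$input" | jq -r '.tool_input.command // empty')

# Match install commands with packages.
# Groups 1-4 are the command alternation and its nested sub-groups;
# group 5 is the rest of the line (package names and any flags).
if [[ "$cmd" =~ ^(npm\ (i|install|add)|yarn\ add|pnpm\ (add|i)|bun\ (add|i)|pip\ install|cargo\ add)\ (.+)$ ]]; then
  pkg="${BASH_REMATCH[5]}"
  jq -n --arg p "$pkg" '{decision:"block", reason:"Use `brin add \($p)` instead for security scanning."}'
# Same structure for uninstall commands: group 5 is again the remainder.
elif [[ "$cmd" =~ ^(npm\ (uninstall|rm)|yarn\ remove|pnpm\ (rm|remove)|bun\ (rm|remove)|pip\ uninstall|cargo\ remove)\ (.+)$ ]]; then
  pkg="${BASH_REMATCH[5]}"
  jq -n --arg p "$pkg" '{decision:"block", reason:"Use `brin remove \($p)` instead."}'
else
  # Anything else, including a bare `npm install`, passes through.
  echo '{"decision":"allow"}'
fi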

3. Make it executable

Bash
chmod +x .claude/hooks/brin-gateway.sh
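
The hook script above matches the whole command string from its first character, so an install that follows `cd app &&` or `sudo` is allowed through. The block below is an added example, not part of brin or of the original script: it writes the install pattern as a `grep -E` expression and compares whole-string matching with a hypothetical per-segment check. The function names and sample commands are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of brin: checks how the install pattern from
# brin-gateway.sh behaves on compound commands.

# The hook's install pattern, written as an ERE for grep -E.
install_re='^(npm (i|install|add)|yarn add|pnpm (add|i)|bun (add|i)|pip install|cargo add) .+$'

# Decision reached when a single-line command string is matched as a whole,
# as the hook script does.
whole_command_decision() {
  if printf '%s\n' "$1" | grep -Eq "$install_re"; then
    echo block
  else
    echo allow
  fi
}

# Hypothetical stricter variant: split on ; | & (which also covers && and ||),
# strip leading whitespace and an optional sudo, then match each segment.
# Splitting ignores quoting, so a separator inside a quoted string can cause
# a false block; for a gate that is the safer direction to fail.
per_segment_decision() {
  if printf '%s\n' "$1" \
      | tr ';|&' '\n\n\n' \
      | sed -E 's/^[[:space:]]*(sudo[[:space:]]+)?//' \
      | grep -Eq "$install_re"; then
    echo block
  else
    echo allow
  fi
}
```

The same split-and-strip step can be applied to `$cmd` in the hook before its `[[ ... =~ ... ]]` tests; the uninstall pattern needs the same treatment.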

Option B: Prompt-Based Hook (Zero Code)

This approach uses Claude Code's built-in LLM evaluation—no script needed. Trade-off: adds slight latency per command.

Create .claude/settings.json in your project root:

JSON
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "prompt",
            "prompt": "If $ARGUMENTS contains a package install command (npm install, yarn add, pnpm add, bun add, pip install, cargo add), block and instruct to use 'brin add <package>' instead. Allow bare 'npm install' or non-install commands."
          }
        ]
      }
    ]
  }
}

Option C: CLAUDE.md Rules (Simplest)

For a simpler approach without hooks, create a CLAUDE.md file in your project root. Claude Code reads this file automatically and follows the instructions.

MARKDOWN
## Package Installation Rules
 
Always use `brin` instead of direct package manager commands:
 
- Use `brin add <package>` instead of `npm install`, `yarn add`, `pnpm add`, `bun add`
- Use `brin remove <package>` instead of `npm uninstall`, `yarn remove`
- Use `brin scan` to audit existing dependencies
 
This ensures all packages are scanned for vulnerabilities, malicious code, and supply chain risks before installation.

This approach relies on Claude following the instructions; nothing is enforced at the hook level.

Global Configuration

To apply brin hooks to all your projects, create the configuration in your home directory at ~/.claude/settings.json.

Troubleshooting

Hook not triggering

  1. Verify the settings file exists at .claude/settings.json
  2. Check that the script is executable: chmod +x .claude/hooks/brin-gateway.sh
  3. Restart Claude Code after making changes

Script errors

Test the script manually:

Bash
echo '{"tool_input":{"command":"npm install express"}}' | .claude/hooks/brin-gateway.sh

Expected output:

JSON
{"decision":"block","reason":"Use `brin add express` instead for security scanning."}