npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@schalkneethling/toolkit

v0.2.0

Published

CLI for managing Claude Code hooks and skills across projects.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

schalkneethlingschalkneethling

Keywords

Readme

claude-toolkit

CLI for managing Claude Code hooks and skills across projects. Hooks are copied into a project's .claude/ directory; skills are copied into .claude-toolkit/skills/ and symlinked into wherever Claude Code expects to find them.

Repo layout

.
├── hooks/
│   └── block-dangerous-commands/
│       ├── hook.ts                 # the hook script itself
│       └── settings-fragment.json  # deep-merged into .claude/settings.json on install
├── skills/                         # (empty) drop skill directories here
├── src/
│   └── index.ts                    # the toolkit CLI
├── package.json
├── README.md
├── tsconfig.json
├── tsconfig.hooks.json
└── vite.config.ts

Requirements

  • Node.js 22+
  • tsx (installed as a devDependency)

From inside a consuming project, run the CLI with tsx /path/to/claude-toolkit/cli/index.ts <command>, or link it as toolkit on your PATH.

Commands

toolkit add hook <name>

Copies hooks/<name>/hook.ts into <project>/.claude/hooks/<name>.ts and deep-merges hooks/<name>/settings-fragment.json into <project>/.claude/settings.json. Records the source hash in .claude/toolkit-manifest.json.

toolkit add skill <name> [--link <target>]...

Copies skills/<name>/ into <project>/.claude-toolkit/skills/<name>/ and creates a symlink to that directory inside each --link target. If no --link is given, the default is .claude/skills. Repeat --link to create symlinks in multiple locations.

toolkit add skill css-shared-first --link .claude/skills --link docs/skills

toolkit update [--force]

For every entry in .claude/toolkit-manifest.json, compares the current source hash to the installed hash:

  • If the source changed, shows a line-diff and prompts before overwriting.
  • If the installed file was modified locally (its hash differs from the one recorded in the manifest), warns and skips unless --force is passed.
  • Silent if everything is current.

toolkit list hook / toolkit list skill

Lists available hooks or skills shipped by this repo, with the current source hash.

Versioning

  • Each hook is hashed over hook.ts only (not the README or settings-fragment.json).
  • Each skill is hashed over every file in the skill directory (sorted by path).
  • SHA-256, truncated to the first 7 hex characters.

Manifest format

The CLI writes <project>/.claude/toolkit-manifest.json:

{
  "hooks": {
    "block-dangerous-commands": {
      "hash": "a3f9c2d",
      "installedAt": "2026-04-18"
    }
  },
  "skills": {
    "css-shared-first": {
      "hash": "f91b3e1",
      "installedAt": "2026-04-18",
      "linkedTo": [".claude/skills"]
    }
  }
}

Bundled hooks

block-dangerous-commands

A PreToolUse hook for the Bash tool. Reads Claude Code's hook payload from stdin and denies commands that match any of:

  • rm -rf (and flag variants: -rf, -fr, --recursive --force, etc.)
  • git push --force / -f / --force-with-lease
  • Direct push to main, master, production, prod, release
  • git reset --hard
  • chmod 777 / recursive chmod granting world-write
  • dd if=…
  • Redirects into /etc/, /boot/, /usr/, /bin/, /sbin/
  • The classic fork bomb
  • Piping remote content into a shell (curl … | bash, wget … | sh)
  • pkill and kill -9 / -SIGKILL
  • npm publish, npm deprecate, npm unpublish
  • history -c

On a match it exits 2 with a structured JSON payload on stdout (permissionDecision: "deny" plus permissionDecisionReason explaining why). On any other input — malformed JSON, empty stdin, a non-string command — it fails open (exit 0) so a broken hook never blocks all work.