@xiaopin44/sec-command-warning
v1.0.0
Detect dangerous shell commands (rm -rf, DROP TABLE, git force push, etc.) before they execute. CLI tool for CI/CD and development security.
sec-command-warning 🛡️
Detect dangerous shell commands before they execute.
Inspired by Claude Code's built-in destructive command detection. Catches rm -rf, DROP TABLE, git push --force, and 15+ other dangerous patterns.
Quick Start
npx sec-command-warning "git push --force"
# ⚠️ ⚠️ ⚠️ DANGEROUS COMMAND DETECTED
# Warning: 可能覆盖远程历史
npx sec-command-warning "npm install"
# ✅ Command looks safe
Install
npm install -g @xiaodi/sec-command-warning
# or
npm install --save-dev @xiaodi/sec-command-warning
Usage
CLI
# Basic check
sec-warn "rm -rf ./node_modules"
sec-command-warning "DROP TABLE users"
# JSON output
sec-warn --json "git push --force"
# Read from stdin
echo "rm -rf /" | sec-warn --stdin
# Interpret exit codes
sec-warn --exit "grep foo file.txt" 1
# ℹ️ 无匹配
API (Node.js)
import { checkWarning, interpretExit } from 'sec-command-warning'
// Check a command
console.log(checkWarning('rm -rf /'))
// { warning: '可能递归强制删除文件', severity: 'medium' }
// Interpret exit code
console.log(interpretExit('grep foo file.txt', 1))
// { isError: false, message: '无匹配' }
Detected Patterns (18)
| Category | Patterns |
|----------|----------|
| Git | reset --hard, push --force, clean -f, checkout ., restore ., stash drop/clear, branch -D, --no-verify, --amend |
| Files | rm -rf, rm -r, rm -f |
| Database | DROP TABLE/DATABASE/SCHEMA, DELETE FROM (full table) |
| Infra | kubectl delete, terraform destroy, docker rm/system prune |
| Access | chmod -R 0000 |
Exit Codes
| Code | Meaning |
|------|---------|
| 0 | Safe command |
| 1 | Dangerous pattern detected |
| 2 | Usage error |
CI/CD Integration
# GitHub Actions example
- name: Check for dangerous commands in PR
  run: |
    git diff main...HEAD | grep '^+' | sed 's/^+//' | npx sec-command-warning --stdin
License
MIT
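
The workflow step under CI/CD Integration passes every line that starts with `+` to the checker, which also lets the `+++ b/<file>` headers through and drops file and line information. The following is an added example, not the package's code: it parses `git diff` output directly and reports each finding with its file and line. `RULES` and `checkLine` are hypothetical stand-ins for the package's `checkWarning`, and the sample diff is constructed.

```javascript
// Stand-in rules based on three rows of the "Detected Patterns" table.
// Illustrative regexes only; they are not the package's own rule set.
const RULES = [
  { name: 'git push --force', re: /\bgit\s+push\b.*\s(?:--force(?![\w-])|-f\b)/ },
  { name: 'rm -r / rm -f', re: /\brm\s+-[a-zA-Z]*[rf][a-zA-Z]*\b/ },
  { name: 'DROP TABLE/DATABASE/SCHEMA', re: /\bDROP\s+(?:TABLE|DATABASE|SCHEMA)\b/i },
];
const checkLine = (text) => (RULES.find((r) => r.re.test(text)) || {}).name || null;

// Scan `git diff` output: check added lines only, record file and new-file line.
function scanDiff(diffText) {
  const findings = [];
  let file = null, lineNo = 0, inHunk = false;
  for (const line of diffText.split('\n')) {
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(line);
    if (line.startsWith('diff --git ')) { inHunk = false; } // file headers follow
    else if (!inHunk && line.startsWith('+++ ')) { file = line.slice(4).replace(/^b\//, ''); }
    else if (hunk) { lineNo = Number(hunk[1]); inHunk = true; }
    else if (inHunk && line.startsWith('+')) {
      const rule = checkLine(line.slice(1));
      if (rule) findings.push({ file, line: lineNo, rule });
      lineNo++;
    } else if (inHunk && line.startsWith(' ')) { lineNo++; } // context line, not checked
    // '-' lines are removals: not checked, and they do not advance lineNo
  }
  return findings;
}

// Constructed sample diff (not from a real repository).
const SAMPLE_DIFF = [
  'diff --git a/scripts/deploy.sh b/scripts/deploy.sh',
  '--- a/scripts/deploy.sh',
  '+++ b/scripts/deploy.sh',
  '@@ -1,3 +1,4 @@',
  ' #!/bin/sh',
  '-git push origin main',
  '+git push --force origin main',
  '+rm -fr ./build',
  ' echo done',
  'diff --git a/db/migrate.sql b/db/migrate.sql',
  '--- a/db/migrate.sql',
  '+++ b/db/migrate.sql',
  '@@ -10,2 +10,3 @@',
  ' CREATE TABLE t (id int);',
  '+drop table users;',
  ' -- end',
].join('\n');

console.log(scanDiff(SAMPLE_DIFF));
```

In a pipeline, a non-empty result from `scanDiff` would map to the tool's exit code 1 (dangerous pattern detected).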
