npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

block-no-verify

v1.1.2

Published

CLI tool to block --no-verify flag in git commands. Prevents AI agents from bypassing git hooks.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tupe12334tupe12334

Keywords

gitno-verifyhooksclisecurityai-safetyclaude-codeagent-governance

Readme

block-no-verify

A platform-agnostic security tool that blocks the --no-verify flag in git commands. Designed to prevent AI agents from bypassing git hooks.

Why?

When using AI coding assistants like Claude Code, Gemini CLI, Cursor, or others, you might have git hooks (pre-commit, pre-push) that enforce code quality, run tests, or perform security checks. The --no-verify flag allows bypassing these hooks, which could allow AI agents to skip important validations.

This package provides a CLI that can block any git commands that include --no-verify, working with any AI tool that supports command hooks.

Used By

Installation

pnpm add -g block-no-verify

Or use without installation via pnpm dlx block-no-verify or npx block-no-verify.

Quick Start

# Check a command directly
block-no-verify "git commit --no-verify -m 'test'"
# Exit code: 2 (blocked)

# Check a safe command
block-no-verify "git commit -m 'test'"
# Exit code: 0 (allowed)

# Pipe from stdin
echo "git push --no-verify" | block-no-verify
# Exit code: 2 (blocked)

Platform Integration

Claude Code

Add to your .claude/settings.json:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "pnpm dlx block-no-verify"
          }
        ]
      }
    ]
  }
}

Gemini CLI

Gemini CLI supports hooks via .gemini/settings.json. The hook system mirrors Claude Code's JSON-over-stdin contract and exit code semantics.

Add to your .gemini/settings.json:

{
  "hooks": {
    "BeforeTool": [
      {
        "matcher": "run_shell_command",
        "hooks": [
          {
            "name": "block-no-verify",
            "type": "command",
            "command": "pnpm dlx block-no-verify",
            "description": "Block --no-verify flags in git commands",
            "timeout": 5000
          }
        ]
      }
    ]
  }
}

Note: Hooks are disabled by default in Gemini CLI. You may need to enable them in your settings. See Gemini CLI Hooks Documentation for details.

Cursor

Cursor 1.7+ supports hooks via .cursor/hooks.json. The beforeShellExecution hook runs before any shell command.

Create .cursor/hooks.json in your project root:

{
  "version": 1,
  "hooks": {
    "beforeShellExecution": [
      {
        "command": "pnpm dlx block-no-verify"
      }
    ]
  }
}

Note: Cursor hooks are in beta. See Cursor Hooks Documentation for the latest information.

Generic Integration

block-no-verify accepts input in multiple formats:

# Plain text (default)
block-no-verify "git commit --no-verify"

# JSON with command field
echo '{"command":"git commit --no-verify"}' | block-no-verify

# JSON with other fields (cmd, input, shell, script)
echo '{"cmd":"git push --no-verify"}' | block-no-verify

# Claude Code format (auto-detected)
echo '{"tool_input":{"command":"git commit --no-verify"}}' | block-no-verify

CLI Options

block-no-verify [options] [command]

Options:
  --format <type>   Input format: auto, plain, claude-code, json (default: auto)
  --help, -h        Show help message
  --version, -v     Show version

Input Methods:
  1. Command argument:  block-no-verify "git commit --no-verify"
  2. Stdin (plain):     echo "git commit --no-verify" | block-no-verify
  3. Stdin (JSON):      echo '{"command":"..."}' | block-no-verify

Supported Git Commands

The following git commands are monitored for --no-verify:

  • git commit
  • git push
  • git merge
  • git cherry-pick
  • git rebase
  • git am

Behavior

| Command | Blocked? | Notes | | ------------------------ | -------- | --------------------------------------------- | | git commit --no-verify | Yes | | | git commit -n | Yes | -n is shorthand for --no-verify in commit | | git push --no-verify | Yes | | | git push -n | No | -n means --dry-run in push | | git merge --no-verify | Yes | | | git merge -n | No | -n means --no-commit in merge | | git commit -m "msg" | No | No --no-verify flag |

Exit Codes

  • 0 - Command is allowed
  • 2 - Command is blocked (contains --no-verify)
  • 1 - An error occurred

Supported JSON Fields

When using JSON input (auto-detected or with --format json), the following fields are recognized:

| Field | Description | | -------------------- | ------------------------- | | tool_input.command | Claude Code format | | command | Generic command field | | cmd | Alternative command field | | input | Input field | | shell | Shell command field | | script | Script field |

Contributing

See CONTRIBUTING.md for development setup and guidelines.

License

MIT

References