npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

claude-code-explain-risk

v1.0.0

Published

Show risk explanations on Claude Code's permission dialogs

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

wataamewataame

Keywords

claude-codehooksrisksafetycli

Readme

Claude Code Explain Risk

Show risk explanations on Claude Code's permission dialogs

🇯🇵 日本語

When using Claude Code, you often see "Allow this command?" dialogs, but it's not always clear what will happen.

This tool adds risk-level labels (Low / Medium / High) and plain-language explanations to those dialogs, helping non-engineers understand what each command does before approving it. Supports both English and Japanese (auto-detected from your system locale).

Example Output

||| Risk: High
Attempting to recursively delete files and folders.
Deleted files cannot be recovered.
|| Risk: Medium
Attempting to install npm packages.
Malicious software may be included.

Low-risk commands (ls, cat, git status, etc.) pass through silently with no extra dialogs.

Installation

npx claude-code-explain-risk

Restart Claude Code after installation.

Uninstall

npx claude-code-explain-risk --uninstall

Risk Levels

| Level | Display | Behavior | |---|---|---| | Low | None | Passes through (Claude Code default behavior) | | Medium | Yellow explanation | Shows description and risk, then asks for confirmation | | High | Red explanation | Shows description and risk, then asks for confirmation |

Supported Commands (150+)

High Risk (Red)

| Category | Examples | |---|---| | File deletion | rm -rf, find -delete, truncate | | Git irreversible | git push, git reset --hard, git clean, git stash clear | | Admin privileges | sudo, systemctl, launchctl | | Remote connections | ssh, scp, rsync | | External scripts | curl \| bash, wget \| sh | | Permission changes | chmod, chown | | Process termination | kill, killall |

Medium Risk (Yellow)

| Category | Examples | |---|---| | Package managers | npm install, pip install, brew install, yarn add | | Git operations | git add, git commit, git merge, git pull | | File operations | mkdir, cp, mv, touch | | Program execution | node, python3, ruby, bun | | Testing | jest, pytest, playwright | | Build tools | make, tsc, webpack | | Deployment | firebase deploy, vercel, gcloud | | Databases | psql, mysql, sqlite3 |

Low Risk (No display)

| Category | Examples | |---|---| | Basic commands | ls, pwd, cd, echo, cat | | Search | find, grep, rg, diff | | Text processing | jq, sort, cut | | Git read-only | git status, git log, git diff | | Version/help | --version, --help |

Unsupported Tools

The following tools cannot show risk explanations due to Claude Code limitations. Claude Code's built-in permission dialog is shown instead.

| Tool | Description | |---|---| | Edit / Write | File editing/creation. Claude Code shows the diff in its own UI | | WebFetch / WebSearch | Web access. The target URL is shown in Claude Code's own UI | | MCP tools | External service integrations. Shown in Claude Code's own UI | | Read / Glob / Grep | File reading/searching. Auto-approved as read-only |

Once Claude Code adds support (#17356), risk explanations will automatically become available for these tools too.

Settings Integration

Allow List

Commands already allowed in Claude Code's settings.json are respected. The hook won't interfere with your existing permissions.

Permission Mode

| Mode | Hook Behavior | |---|---| | default | Allow list match -> auto-approve / Otherwise -> risk explanation + confirm | | acceptEdits | Same as default | | dontAsk | Hook does not interfere (all auto-approved) | | bypassPermissions | Hook does not interfere (all auto-approved) |

Language

The display language is detected automatically:

  1. LANG environment variable (e.g. ja_JP.UTF-8 → Japanese)
  2. macOS: Falls back to system language via AppleLocale if LANG doesn't match

| Condition | Display Language | |---|---| | LANG starts with ja | Japanese | | macOS system language is Japanese | Japanese | | Otherwise | English |

No configuration needed.

Requirements

  • Node.js — Bundled with Claude Code, no extra installation needed
  • OS — macOS, Linux
  • Dependencies — None (uses only Node.js built-in modules)

How It Works

Uses Claude Code's PreToolUse hooks. The hook is called before any Bash command executes, classifies the risk, and shows an explanation.

Claude Code is about to execute a command
  ↓
explain-risk.js is called
  ↓
Command risk is classified (Low / Medium / High)
  ↓
Low risk → passes through silently
Medium/High risk → shows explanation and asks for confirmation

Contributing

Issues and PRs are welcome! See CONTRIBUTING.md for details.

License

MIT