claude-slightly-dangerous

v0.3.1

Published

Claude Code slash commands for quick permission management — auto-approve local ops with safety guardrails

Downloads

46

Readme

Claude: Slightly Dangerous


A lot of users like to run with --dangerously-skip-permissions; that is insane — unless you're sandboxing. This is a controlled alternative that tries to create as frictionless a workflow as possible while preserving some degree of sanity.

The basic idea is that all operations within the project directory are allowed; anything else requires approval.

Install

Requires Node.js 18+.

npx claude-slightly-dangerous@latest install

This installs slash commands and the bash guard hook script to ~/.claude/. Nothing is activated yet — the files are just placed where Claude Code can find them.

What gets installed:

| Component | Location | Purpose |
|-----------|----------|---------|
| /csd:enable | ~/.claude/commands/csd/ | Slash command — auto-approve local ops, deny git |
| /csd:enable-with-git | ~/.claude/commands/csd/ | Slash command — auto-approve local ops + git |
| /csd:disable | ~/.claude/commands/csd/ | Slash command — reset to default permissions |
| csd-bash-guard.js | ~/.claude/hooks/csd/ | Hook script — inspects bash commands for dangerous patterns |

Usage

In any Claude Code session, run /csd:enable to activate. Each project needs its own activation — enabling in project A does not affect project B.

| Command | What it does |
|---------|-------------|
| /csd:enable | Auto-approve all local operations. Write/Edit scoped to project directory. Git operations denied. |
| /csd:enable-with-git | Same as above, but also allows git and gh commands (destructive git ops still denied). |
| /csd:disable | Remove CSD permissions and hook. Restores defaults. |

How it works

When you run /csd:enable, Claude writes two keys to .claude/settings.local.json in your project directory:

  1. permissions — allow/deny lists that Claude Code's permission system enforces for the session
  2. hooks.PreToolUse — registers the bash guard hook to inspect every bash command before execution

Both are per-project and only active after you run the enable command. /csd:disable removes both keys (preserving any other settings or hooks you may have configured).

What gets allowed

  • Read(*), Bash(*), Glob(*), Grep(*), Agent(*), WebFetch(*), WebSearch(*)
  • Write(<project>/**), Edit(<project>/**), NotebookEdit(<project>/**)

What stays denied

Filesystem destruction: rm -rf and rm -fr targeting /, ~, /*, ~/, ~/*, ., ..

Privilege escalation: sudo, su, pkexec, doas

Disk/system commands: mkfs, wipefs, fdisk, parted, shutdown, reboot

Env/secrets protection: Read/Write/Edit on .env, .env.*, secrets/** plus bash-level cat, cp, mv on those paths

Symlink attacks: ln -s to /etc, /root, ~/.ssh, ~/.gnupg

Git: git:*, gh:* (unless using /csd:enable-with-git, which still denies push --force, push -f, reset --hard, clean -f, gh repo delete)

Bash guard hook

The static deny list above blocks commands by prefix matching. The bash guard hook adds a deeper inspection layer that:

  • Splits piped/chained commands (|, &&, ||, ;) and checks each segment independently
  • Inspects command substitutions: $(...), backticks, and <(...) process substitutions
  • Detects privilege escalation in any position (e.g., echo test | sudo tee /etc/hosts)
  • Scans the full command for .env and secrets/ references regardless of position
  • Handles quoted strings correctly (e.g., python -c "open('.env').read()")
  • Blocks symlink creation to sensitive system paths

The hook is only active when CSD mode is enabled via /csd:enable. It does not interfere with normal Claude Code operation when CSD is not enabled.
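
Why per-segment inspection catches what first-word prefix matching misses, shown as an added example (this is not the code of csd-bash-guard.js). The function names are hypothetical, and the sketch covers only |, &&, || and ; splitting with quote handling; command substitutions and the .env scan are left out.

```javascript
// Added illustration, not the source of csd-bash-guard.js.
const ESCALATION = new Set(['sudo', 'su', 'pkexec', 'doas']); // from the deny list above

// Split on |, ||, && and ; while treating quoted text as opaque.
function splitSegments(cmd) {
  const segments = [];
  let current = '';
  let quote = null; // quote character we are inside, or null
  for (let i = 0; i < cmd.length; i++) {
    const ch = cmd[i];
    const two = cmd.slice(i, i + 2);
    if (ch === '\\' && quote !== "'" && i + 1 < cmd.length) {
      current += ch + cmd[++i]; // escaped character: keep, never a separator
    } else if (quote) {
      if (ch === quote) quote = null;
      current += ch;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
      current += ch;
    } else if (two === '&&' || two === '||') {
      segments.push(current);
      current = '';
      i++; // consume the second operator character
    } else if (ch === '|' || ch === ';') {
      segments.push(current);
      current = '';
    } else {
      current += ch; // includes a lone & as in 2>&1
    }
  }
  segments.push(current);
  return segments.map((s) => s.trim()).filter(Boolean);
}

// Command name of a segment: skip VAR=value prefixes, drop any directory part.
function commandWord(segment) {
  const words = segment.split(/\s+/);
  const word = words.find((w) => !/^[A-Za-z_][A-Za-z0-9_]*=/.test(w)) || '';
  return word.split('/').pop();
}

// Prefix-style check: looks only at the first word of the whole line.
function prefixCheck(cmd) {
  return ESCALATION.has(cmd.trim().split(/\s+/)[0]) ? 'deny' : 'allow';
}

// Segment-aware check: denies if any segment runs an escalation command.
function guardCheck(cmd) {
  const hit = splitSegments(cmd).find((s) => ESCALATION.has(commandWord(s)));
  return hit ? { decision: 'deny', segment: hit } : { decision: 'allow', segment: null };
}
```

On the README's own example, `echo test | sudo tee /etc/hosts`, `prefixCheck` returns `allow` while `guardCheck` denies and reports the `sudo tee /etc/hosts` segment; a quoted string such as `echo "a; sudo b"` stays a single allowed segment.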

Security model

This is a UX guardrail, not a security sandbox.

Bash(*) allows arbitrary command execution. The deny list and bash guard hook block common dangerous patterns but cannot be exhaustive — there are always alternative ways to express destructive operations via bash. This tool reduces friction from permission prompts for routine development workflows. If you are running untrusted code or need actual isolation, use a proper sandbox (Docker, VM, etc.).

Uninstall

npx claude-slightly-dangerous uninstall

Removes CSD command and hook files from ~/.claude/.

Note: If you enabled CSD in any projects, run /csd:disable in each project first to clean up .claude/settings.local.json. Otherwise those projects will have orphaned settings pointing to a deleted hook script.

Development

npm test

Runs unit and integration tests using Node's built-in test runner. Tests cover CLI install/uninstall, command file structure, permission correctness, cross-file consistency, and bash guard hook behavior (safe commands, privilege escalation, pipe inspection, command substitution, .env/secrets protection, symlink attacks, false positive avoidance, edge cases).