Feature: Add block-no-verify PreToolUse hook to .claude/settings.json
React's .claude/settings.json already has a SessionStart hook for instructions and a well-configured permissions list. There's one enforcement gap worth closing: the git hook-bypass flag.
When Claude Code runs git commit or git push with the hook-bypass flag, it silently skips pre-commit hooks, commit-msg validation, and pre-push test suites — regardless of any permissions or quality gates configured elsewhere.
Proposed fix
Add block-no-verify@1.1.2 (github.com/tupe12334/block-no-verify) as a PreToolUse Bash hook alongside the existing SessionStart hook:
```json
"PreToolUse": [
  {
    "matcher": "Bash",
    "hooks": [{ "type": "command", "command": "npx block-no-verify@1.1.2" }]
  }
]
```

Note: The existing config denies Bash(npx:*) — this applies to what Claude Code can run through its Bash tool, but hooks run as system-level shell commands outside that permission scope. So the hook will run correctly.
The package reads tool_input.command from the Claude Code hook stdin, detects the hook-bypass flag across all git subcommands, and exits 2 to block. All existing hooks and permissions are preserved unchanged.
Disclosure: I am the author and maintainer of block-no-verify.
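The kind of check the issue describes (read `tool_input.command` from the hook's stdin, look for the hook-bypass flag on a git subcommand, exit 2 to block), as an added example that is not part of the issue and is not the block-no-verify source. It assumes the flag in question is git's `--no-verify` (with `-n` as its short form on `git commit`); the function names and the `--hook` switch are hypothetical, and the shell tokenizing is simplified.

```javascript
// Added example, NOT the block-no-verify source. Assumes the PreToolUse payload
// is JSON on stdin with the shell command at tool_input.command.
// Return the git subcommand that carries a hook-bypass flag, or null.
function findHookBypass(commandLine) {
  // Multi-word quoted strings (commit messages) become one inert token;
  // single-word quoted strings are unquoted so a quoted flag is still seen.
  const flat = commandLine.replace(/"(?:\\.|[^"\\])*"|'[^']*'/g, (q) =>
    /\s/.test(q.slice(1, -1)) ? 'QUOTED' : q.slice(1, -1));
  for (const simple of flat.split(/&&|\|\||[;|&\n]/)) {
    const words = simple.trim().split(/\s+/).filter(Boolean);
    let i = words.findIndex((w) => w === 'git' || w.endsWith('/git'));
    if (i < 0) continue;
    // Skip git's global options (-C and -c take a value) to reach the subcommand.
    for (i += 1; i < words.length && words[i].startsWith('-'); i += 1) {
      if (words[i] === '-C' || words[i] === '-c') i += 1;
    }
    const sub = words[i];
    for (const arg of words.slice(i + 1)) {
      if (arg === '--') break; // the rest are pathspecs, not options
      if (arg === '--no-verify') return sub;
      // -n is --no-verify on `git commit` only (on push it means --dry-run);
      // short options that take a value end the cluster, so -mnote is no match.
      if (sub === 'commit' && /^-[^-mFCct]*n/.test(arg)) return sub;
    }
  }
  return null;
}

// Map the raw stdin payload to a hook result; exit code 2 blocks the tool call.
function decide(rawStdin) {
  let command;
  try {
    command = JSON.parse(rawStdin)?.tool_input?.command;
  } catch {
    return { code: 0, message: '' }; // this example's choice: pass unparseable input
  }
  const sub = typeof command === 'string' ? findHookBypass(command) : null;
  if (!sub) return { code: 0, message: '' };
  return { code: 2, message: `Blocked: git ${sub} would skip repository hooks.` };
}

// Hypothetical --hook switch: read stdin only when invoked as a hook.
if (process.argv.includes('--hook')) {
  let raw = '';
  process.stdin.on('data', (d) => { raw += d; });
  process.stdin.on('end', () => {
    const { code, message } = decide(raw);
    if (message) console.error(message);
    process.exit(code);
  });
}
```

The message goes to stderr alongside exit code 2 so the reason for the block is visible to whoever reads the hook output.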