A Cursor agent hook that scores packages against the Commit supply chain scoring API before installing them.
Catches the single-publisher + high-downloads pattern that preceded the axios, LiteLLM, and node-ipc supply chain attacks — before npm install runs.
Intercepts npm install, pip install, cargo add, and go get commands issued by the Cursor agent. Each package is scored against Commit's behavioral signals (publisher depth, release consistency, download patterns). CRITICAL packages are blocked before the install runs.
Agent runs: npm install lodash
🔴 Commit blocked: lodash is flagged CRITICAL
🔴 lodash (score 84/100) — CRITICAL: sole npm publisher + >10M/wk
→ Review: https://getcommit.dev/audit?packages=lodash&ecosystem=npm
npx proof-of-commitment hookThat's it. Writes .cursor/hooks.json and ~/.commit/cursor-hook.js, wires the beforeShellExecution event, and prints next steps.
For all your Cursor projects:
npx proof-of-commitment hook --globalTo remove:
npx proof-of-commitment hook --uninstallThe CLI ships a self-contained Node.js hook (no extra runtime) and works out of the box. Free anonymous tier is 15 audits/day per IP; sign up at getcommit.dev/get-started for 200/day.
| Variable | Default | Description |
|---|---|---|
COMMIT_API_KEY |
— | Free API key from getcommit.dev/get-started |
COMMIT_API_URL |
https://poc-backend.amdal-dev.workers.dev |
Override for self-hosted backend |
COMMIT_HOOK_SEVERITY_BLOCK |
CRITICAL |
Set to HIGH to also block HIGH-risk packages |
# Block both CRITICAL and HIGH severity
export COMMIT_HOOK_SEVERITY_BLOCK=HIGH| Command pattern | Ecosystem |
|---|---|
npm install, npm i, npm add |
npm |
pnpm add, pnpm install |
npm |
yarn add |
npm |
pip install, pip3 install |
PyPI |
uv pip install, python -m pip install |
PyPI |
cargo add, cargo install |
Cargo |
go get, go install |
Go |
| Risk flag | Default behavior | COMMIT_HOOK_SEVERITY_BLOCK=HIGH |
|---|---|---|
CRITICAL |
Block (deny) |
Block (deny) |
HIGH |
Warn (ask) |
Block (deny) |
OK |
Allow silently | Allow silently |
CRITICAL = sole publisher + >10M weekly downloads (the exact attack surface exploited by the axios/node-ipc attacks).
HIGH = sole publisher + >1M weekly downloads, or new package with unexpected traction.
When the daily rate limit is hit, the hook escalates clean results from allow → ask so you can opt in to continue without invisible blind spots, and surfaces a one-line sign-up CTA.
Responses cached in-memory per hook session. Network calls time out at 4.5 seconds; the hook fails open on timeout to avoid blocking the agent loop. Total latency overhead for a cached package: ~0ms. For an uncached package with warm API: ~200ms.
Cursor fires beforeShellExecution before each agent shell command. The hook:
- Reads the command from stdin as JSON
- Parses it to extract the package manager and package names
- Calls
POST https://poc-backend.amdal-dev.workers.dev/api/auditwith the package list - Returns
deny/ask/allowbased on the risk flags
The hook processes any number of packages in one API call. Result shape:
{
"permission": "deny",
"user_message": "🔴 Commit blocked: lodash is flagged CRITICAL ...",
"agent_message": "Package install blocked by Commit hook ..."
}If you want to fork the hook to customize the logic, the canonical Bun/TypeScript reference lives in this repo:
git clone https://github.com/piiiico/commit-cursor-hook
cd commit-cursor-hookAdd to .cursor/hooks.json:
{
"hooks": [
{
"name": "Commit supply chain gate",
"event": "beforeShellExecution",
"command": "bun /path/to/commit-cursor-hook/hook.ts",
"failClosed": false
}
]
}failClosed: true blocks installs when the API is unreachable. Default (false) fails open — installs proceed if Commit can't be reached. Requires Bun ≥ 1.0.
# Unit tests (no network)
bun test.ts
# Live integration tests
LIVE=1 bun test.ts- Commit — supply chain trust scoring for npm, PyPI, Cargo, and Go
- proof-of-commitment — CLI, GitHub Action, MCP server, and the
poc hookinstaller - Why it works — design rationale and threat model
- Cursor hooks documentation
MIT.