brin
integrations

Claude Code

Use Claude Code hooks to check brin before installing packages

Claude Code's hooks system lets you intercept agent tool calls. Use the PreToolUse hook to check brin before any package install command runs.

##Setup

1. Create .claude/settings.json:

JSON
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": ".claude/hooks/brin-check.sh"
          }
        ]
      }
    ]
  }
}

2. Create .claude/hooks/brin-check.sh:

Bash
#!/bin/bash
input=$(cat)
cmd=$(echo "$input" | jq -r '.tool_input.command // empty')
 
# Match install commands
if [[ "$cmd" =~ ^(npm\ (i|install|add)|yarn\ add|pnpm\ (add|i)|bun\ (add|i)|pip\ install|cargo\ add)\ (.+)$ ]]; then
  pkg="${BASH_REMATCH[4]}"
 
  # Detect origin
  if [[ "$cmd" =~ ^pip ]]; then origin="pypi"
  elif [[ "$cmd" =~ ^cargo ]]; then origin="crate"
  else origin="npm"
  fi
 
  # Check brin using response headers for speed
  verdict=$(curl -sf -o /dev/null -w "%header{x-brin-verdict}" "https://api.brin.sh/${origin}/${pkg}")
 
  if [[ "$verdict" == "dangerous" || "$verdict" == "suspicious" ]]; then
    score=$(curl -sf -o /dev/null -w "%header{x-brin-score}" "https://api.brin.sh/${origin}/${pkg}")
    jq -n --arg v "$verdict" --arg s "$score" --arg p "$pkg" \
      '{decision:"block", reason:"brin: \($p) is \($v) (score: \($s)). Do not install."}'
  else
    echo '{"decision":"allow"}'
  fi
else
  echo '{"decision":"allow"}'
fi

3. Make it executable:

Bash
chmod +x .claude/hooks/brin-check.sh

##How it works

The hook reads x-brin-verdict and x-brin-score from the curl response headers — no JSON parsing required. If the verdict is suspicious or dangerous, the command is blocked with a reason. If brin is unreachable, the hook allows the command through.

##Global configuration

To apply to all projects, place the config at ~/.claude/settings.json and the script at ~/.claude/hooks/brin-check.sh.