An npm package with 1 million monthly downloads was quietly stealing credentials last week. Version Sentinel is a Claude Code skill that blocks exactly this class of problem before it touches your code.
A million downloads, and nobody noticed
Ars Technica reported last week that an open-source npm package—pulled 1 million times a month—had been shipping credential-stealing code in a malicious update. Not a zero-day. Not a sophisticated attack. A trusted package that got compromised, pushed an update, and spread to every project that pulled it without question.
This is the supply chain threat pattern that keeps repeating. A package earns trust, gets compromised, and the infection rides the update wave into production. The fix isn't moving faster. It's adding friction at the right point—before the package lands, not after.
What Version Sentinel actually does
Version Sentinel is a Claude Code skill—a plugin that runs inside the Claude Code CLI. When Claude attempts to add or update a dependency, Version Sentinel intercepts that request, checks the package against known-vulnerable versions, and either clears the install or surfaces a warning before a single line runs.
If the package is flagged, Claude stops. It explains why, then asks what you want to do instead. No silent installs. No "I'll fix it in the next sprint" that gets buried under feature work.
The mechanism hooks into Claude's tool-use loop. Claude plans to run npm install some-package. The skill runs first, checks package metadata, and gates the decision. The developer stays in control—the guardrail just makes sure they actually see the choice they're making, instead of delegating it silently to an AI session.
Why Claude Code is the right place for dep hygiene
Most dependency auditing happens in CI: npm audit in a GitHub Actions step, Dependabot PRs, Snyk scans on merge. Those are good. They're also downstream of the problem.
By the time CI flags a vulnerability, a developer has already written code against that package. There are imports. There are function calls. There's muscle memory around the API. The "fix" isn't removing a line in package.json—it's a refactor that teams deprioritize because the scope looks too big.
Claude Code is where the package gets added in the first place. That's where the guardrail belongs. Stop the bad dep before it touches one line of production code, and the fix is just picking a different package name. That's a 30-second correction instead of a sprint item.
This is the same logic we apply to security headers on every project. We don't wait for a pentest to find a missing Content-Security-Policy—we set default headers in the Next.js config during project setup. Close the gap before it opens, not after someone walks through it.
What we install on every client repo
When we onboard a new development client, the Claude Code skill layer is part of the setup—same tier as ESLint config and environment variable structure. Here's the default stack:
- Version Sentinel — blocks installs of packages with known vulnerabilities or dangerous version ranges. Runs before any
npm install,pnpm add, oryarn addClaude attempts. - Security headers checker — validates that the Next.js config includes
X-Frame-Options,X-Content-Type-Options,Content-Security-Policy, andReferrer-Policybefore Claude finalizes any route or middleware changes. - Architecture doc skill — generates a
ARCHITECTURE.mdfrom the repo structure on first run, kept current without anyone writing it by hand.
Configuration takes about 20 minutes per project. The payoff is measured in incidents that don't happen. A missed security header or a compromised dep that slips past review costs hours of debugging and, depending on what it touches, a client conversation you'd rather not have.
For Supabase-backed projects—Roots Realty, ISFE, Get Indiana all run on Supabase—we add a row-level security checker to the stack. Supabase's RLS is powerful and easy to misconfigure in ways that aren't obvious until data leaks somewhere it shouldn't. The skill prompts Claude to verify RLS policy coverage before any schema migration runs.
The pattern is bigger than dep auditing
Version Sentinel hit Show HN the same week the credential-stealing package story broke. That's the market responding to a real gap in real time.
What the Claude Code skills ecosystem is building—fast—is a layer of institutional knowledge that travels with the AI instead of living in a wiki nobody reads. Security requirements, architecture constraints, style rules, client-specific guardrails: all of it can live as skills that fire automatically when Claude touches the relevant code.
Two skills hit Show HN in one week: Version Sentinel and Archik, which generates architecture diagrams from YAML. The format is moving from hobbyist tooling to standard practice. The window to differentiate on this is open now—it won't stay open.
If you're running Claude Code on client repos without a skill layer in place, add one this week. The tooling is there. The use cases are straightforward. And the alternative—learning the lesson after a compromised package ships to production—is a worse way to spend a Tuesday.
