Blue Bear Security flagged npm install @anthropic-ai/claude in OrchestKit docs โ an
unclaimed npm name. This playground runs the same denylist the CI guard + authoring hook use. Type an install
command and watch it get classified.
| Pattern | Matches | Does NOT match | |
|---|---|---|---|
| @anthropic-ai/claude ($|[^-[:alnum:]_.]) |
@anthropic-ai/claude @anthropic-ai/claude@latest |
@anthropic-ai/claude-code @anthropic-ai/claude-agent-sdk |
DENY |
The trailing boundary is what makes it safe: it flags the bare
package only, never a longer -suffix package. So the real CLI @anthropic-ai/claude-code
is always allowed.
tests/security/test-dependency-confusion.sh โ offline denylist scan of authored
source. Fails the build (DO NOT MERGE) if any unclaimed reference reappears. No network โ no flake.
pretool/write-edit/dependency-confusion-scanner โ warns (non-blocking) the moment a
Write/Edit introduces an unclaimed name. Unlike the secret scanner, it does scan markdown.
OrchestKit ยท fix/dependency-confusion-claude-pkg ยท interactive playground