🛡️ Dependency-Confusion Guard

Blue Bear Security flagged npm install @anthropic-ai/claude in OrchestKit docs — an unclaimed npm name. This playground runs the same denylist the CI guard + authoring hook use. Type an install command and watch it get classified.

…
Pattern: @anthropic-ai/claude($|[^-[:alnum:]_.])
Matches: @anthropic-ai/claude, @anthropic-ai/claude@latest
Does NOT match: @anthropic-ai/claude-code, @anthropic-ai/claude-agent-sdk
DENY

The trailing boundary is what makes it safe: it flags the bare package only, never a longer -suffix package. So the real CLI @anthropic-ai/claude-code is always allowed.
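The boundary behaviour described above, as an added example that is not OrchestKit's own script. The regex is copied from the pattern above; the function names classify and scan_tree and the sample commands are constructed for illustration.

```shell
# Denylist pattern from the page: bare package name plus a trailing boundary.
DENY_RE='@anthropic-ai/claude($|[^-[:alnum:]_.])'

# classify TEXT -> prints DENY if TEXT references the unclaimed name, else ALLOW.
classify() {
  if printf '%s\n' "$1" | grep -Eq -- "$DENY_RE"; then
    echo DENY
  else
    echo ALLOW
  fi
}

# scan_tree DIR -> offline scan of authored files under DIR.
# Prints file:line:text for each hit. Returns 0 when clean,
# 1 when a denied reference is found, 2 when grep itself failed.
scan_tree() {
  local hits rc=0
  hits=$(grep -rEn -- "$DENY_RE" "$1") || rc=$?
  case $rc in
    0) printf '%s\n' "$hits"; return 1 ;;
    1) return 0 ;;
    *) return 2 ;;
  esac
}

# Constructed sample inputs, one per line.
while IFS= read -r cmd; do
  printf '%-5s %s\n' "$(classify "$cmd")" "$cmd"
done <<'EOF'
npm install @anthropic-ai/claude
npm install @anthropic-ai/claude@latest
"@anthropic-ai/claude": "^1.0.0"
npm install -g @anthropic-ai/claude-code
npm install @anthropic-ai/claude-agent-sdk
Install @anthropic-ai/claude.
EOF
```

The last sample is classified ALLOW because `.` is in the excluded boundary class, so a sentence-final mention of the bare name followed by a period is not flagged by this pattern.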

🚧 CI gate (hard)

tests/security/test-dependency-confusion.sh — offline denylist scan of authored source. Fails the build (DO NOT MERGE) if any unclaimed reference reappears. No network → no flake.

💡 Authoring hook (soft)

pretool/write-edit/dependency-confusion-scanner — warns (non-blocking) the moment a Write/Edit introduces an unclaimed name. Unlike the secret scanner, it does scan markdown.

OrchestKit · fix/dependency-confusion-claude-pkg · interactive playground