Cursor's agent runs npm install, pip install, cargo add, and
go get in your terminal — often suggesting packages it has never seen before. Commit's
hook intercepts each install command, scores every package against the Commit Index, and
denies CRITICAL packages (sole publisher + high downloads — the attack profile of
ua-parser-js, event-stream, Shai-Hulud) before they hit disk.
Works with Cursor v1.7+ · No account required to start · Anonymous tier: 15 audits/day
What happens when Cursor runs npm install
Cursor's agent decides to install lodash. Before the shell executes,
the hook calls Commit, gets a score, and replies deny. Cursor surfaces
the reason in the agent's permission dialog — the install never runs.
# Cursor's agent suggests: $ npm install lodash # Commit hook intercepts. Cursor shows: 🔴 Commit blocked: lodash flagged CRITICAL 🔴 lodash (score 84) — CRITICAL: sole npm publisher + >10M/wk → https://getcommit.dev/audit?packages=lodash&ecosystem=npm
The same flow runs on pip install, cargo add, and go get.
HIGH packages return ask — Cursor prompts you to confirm. Everything else passes
through silently.
Install · 30 seconds
.cursor/hooks.json in place.
Run the command in your project directory (per-project) or with --global
(all your projects). The hook script is written to ~/.commit/cursor-hook.js
and registered as a beforeShellExecution entry.
# Per-project (recommended): writes .cursor/hooks.json next to your repo $ npx proof-of-commitment hook --cursor # Or apply to every Cursor project on this machine $ npx proof-of-commitment hook --cursor --global # Remove later $ npx proof-of-commitment hook --uninstall
The hook merges into any existing hooks.json — your other
beforeShellExecution entries are preserved. No global npm install required.
Free API key · 200 audits/day · 30 seconds, no card
The hook works without an account — anonymous IP gets 15 audits/day. CI runners and dev containers share egress IPs, so the counter ticks faster than you'd think. A free key lifts you to 200/day. Two ways to get one:
# In the terminal — saves to ~/.commit/config $ npx proof-of-commitment login # Or in the browser https://getcommit.dev/get-started?ref=cursor-hook-429
FAQ
Only CRITICAL packages are denied — the precise profile that preceded ua-parser-js (Oct 2021),
event-stream (2018), and the Shai-Hulud burst (Sep 2025): sole publisher + very high downloads.
HIGH triggers Cursor's ask dialog. Everything else passes silently. False positives
on healthy popular packages are rare by design — see the writing for the scoring rationale.
Only the package names and ecosystem (npm/pypi/cargo/golang) — parsed from the shell command. Not your code, not your environment, not the rest of the command. Source: npm-package/index.js.
Yes. The same script auto-detects the client — Cursor's beforeShellExecution,
Claude Code's PreToolUse, or Windsurf's pre_run_command — and replies in the right format.
Run poc hook to install for all three at once.
See Commit for Claude Code or Commit for Windsurf.
The hook has a 4-second timeout. On timeout or non-429 errors, it returns allow —
the install proceeds. On 429 (rate limit), it surfaces the signup prompt and warns about
unscored packages so you can decide explicitly instead of silently allowing.
npx proof-of-commitment hook --uninstall — removes the entry from
.cursor/hooks.json and deletes ~/.commit/cursor-hook.js if empty.
Your other hooks are untouched.
npx proof-of-commitment hook --cursor