Claude Code Plugin 'Version Sentinel' Combats AI Hallucinations for Secure Dependency Management

Developers using Claude Code, Anthropic's CLI coding agent, often run into a significant issue: the AI hallucinates package versions. For instance, it might suggest npm install [email protected] when a newer version exists, or worse, propose a version that does not exist in the registry at all. Hallucinated versions are a supply-chain risk: they can leave a project on outdated dependencies, miss security patches, or break the installation outright.

To mitigate this, a developer has created "Version Sentinel," a Claude Code plugin designed to enforce dependency version integrity. The plugin leverages Claude Code's hook system to hard-block any proposed dependency change until the user verifies that the specified version is legitimate and current.

How It Works

  • PreToolUse Hooks: Intercept edits to manifest files (e.g., package.json, requirements.txt, pyproject.toml, Cargo.toml, *.csproj) and installation commands (e.g., npm install, pip install, cargo add, dotnet add).
  • If no fresh version check has been performed, the action is blocked (exit code 2).
  • Users must then run WebSearch to verify the latest version, followed by /vs-record to log the verified version.
  • Claude subsequently retries the action, which proceeds successfully with the confirmed version.
  • PostToolUse Hooks: Automatically record successful installs, ensuring that verified packages remain unblocked for future operations.
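Below is a compact PreToolUse hook in the spirit of the blocking step just described; it is an added example, not the plugin's own code. The stdin JSON fields (tool_name, tool_input with command or file_path) and the exit-2 block follow Claude Code's hook interface; the record-file layout, the 24-hour freshness window and the package-extraction rules are assumptions made for this example.

```python
import json, os, re, sys, time

MANIFESTS = ("package.json", "requirements.txt", "pyproject.toml", "Cargo.toml", ".csproj")
INSTALL_RE = re.compile(r"\b(?:npm install|pip install|cargo add)\s+(.*)")
PKG_RE = re.compile(r"^(@?[\w./-]+?)(?:@|==)([\w.+-]+)$")  # name@ver or name==ver
MAX_AGE_SECONDS = 24 * 3600  # assumed: a version check older than this is stale
RECORD_FILE = ".version-sentinel.json"  # assumed layout: {name: {version, verified_at}}

def packages_in_command(command):
    """(name, version-or-None) for each package an npm/pip/cargo install names."""
    m = INSTALL_RE.search(command)
    if not m:
        return []
    pairs = []
    for tok in [t for t in m.group(1).split() if not t.startswith("-")]:  # flags skipped
        pm = PKG_RE.match(tok)
        pairs.append((pm.group(1), pm.group(2)) if pm else (tok, None))
    return pairs

def verified(records, name, version, now):
    """A fresh record exists for name and, if the command pins a version, it matches."""
    if name == "<manifest>":  # manifest edits are not parsed: any fresh record counts
        return any(now - e.get("verified_at", 0) <= MAX_AGE_SECONDS for e in records.values())
    entry = records.get(name)
    if not entry or now - entry.get("verified_at", 0) > MAX_AGE_SECONDS:
        return False
    return version is None or version == entry.get("version")

def decide(hook_input, records, now=None):
    """Return (exit_code, message): 0 lets the tool run, 2 hard-blocks it."""
    now = time.time() if now is None else now
    tool, args = hook_input.get("tool_name"), hook_input.get("tool_input", {})
    if tool == "Bash" and INSTALL_RE.search(args.get("command", "")):
        targets = packages_in_command(args["command"])
    elif tool in ("Edit", "Write") and args.get("file_path", "").endswith(MANIFESTS):
        targets = [("<manifest>", None)]
    else:
        return 0, ""  # not a dependency change: let it through
    stale = [n for n, v in targets if not verified(records, n, v, now)]
    if not stale:
        return 0, ""
    return 2, "Version Sentinel: no fresh verified version for %s; run WebSearch, then /vs-record" % ", ".join(stale)

if __name__ == "__main__":  # Claude Code pipes the hook JSON to stdin
    records = json.load(open(RECORD_FILE)) if os.path.exists(RECORD_FILE) else {}
    code, message = decide(json.load(sys.stdin), records)
    if message:
        print(message, file=sys.stderr)  # on exit 2 this text is fed back to Claude
    sys.exit(code)
```

A pinned version that differs from the recorded one (the hallucination case) is blocked just like a missing or stale record, so Claude is sent back to verify before the install runs.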

Supported Ecosystems

Version Sentinel provides support across several key development ecosystems:

Ecosystem   Manifest                            Registry
npm         package.json                        registry.npmjs.org
pip         requirements*.txt, pyproject.toml   pypi.org
Cargo       Cargo.toml                          crates.io
.NET        *.csproj                            api.nuget.org

Bonus Feature: /check-versions

Beyond its blocking mechanism, Version Sentinel includes a /check-versions command. This utility audits all dependencies within a project against their respective upstream registries. It reports version drift without blocking operations, clearly indicating which dependencies are outdated versus those intentionally pinned to specific versions, aiding in comprehensive dependency management.

Installation

The Version Sentinel plugin can be installed directly via the Claude CLI:

claude plugin add KSEGIT/Version-Sentinel

The plugin's source code is available on GitHub (KSEGIT/Version-Sentinel) under an MIT License. Prerequisites for operation include bash, jq, curl, and python3.