Claude Code Hooks for Pre-Commit Security Scanning
Claude Code supports custom hooks that run before commits, enabling automatic secret scanning and code quality checks without manual intervention.
Someone set up Claude Code hooks to catch secrets before they hit git history.
Pre-commit hook example in ~/.claude/hooks/pre-commit.sh:
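#!/bin/bash
# Scan for common secret patterns in TypeScript and JavaScript files.
# node_modules is skipped so dependency code does not trigger the check.
if grep -rE "(API_KEY|SECRET|PASSWORD|sk-[a-zA-Z0-9]{32,})" \
    --include="*.ts" --include="*.js" --exclude-dir=node_modules .; then
  echo "Potential secrets detected - aborting commit" >&2
  exit 1
fi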
Enable in CLAUDE.md:
## Hooks
Run `~/.claude/hooks/pre-commit.sh` before any git commit operation.
If it fails, stop and explain which files contain potential secrets.
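This catches API keys, passwords, and OpenAI-style tokens before they get committed. The match is purely textual: any line containing `API_KEY`, `SECRET`, `PASSWORD`, or an `sk-` token of 32 or more characters fails the check. It works with any file pattern; just adjust the grep `--include` options.
Unlike relying on Claude to “remember” security rules, the hook approach is deterministic. Claude reads CLAUDE.md as suggestions, but hooks actually block operations. The CLAUDE.md instruction above is itself one of those suggestions, so for a check that cannot be skipped, install the same script as an executable `.git/hooks/pre-commit`; git then runs it on every commit and aborts when it exits non-zero.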
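An added example, not part of the original tip: a variant of the hook that checks only the lines staged for commit (the script above greps the whole working tree) and reports file and line number without echoing the matched value. The `scan_diff` function, the tightened key-name pattern and the sample diff are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the page's script: scans staged additions only.

# The page's sk- token pattern, plus its key names when they are assigned a
# quoted literal of 8+ characters (process.env.API_KEY alone does not match).
SECRET_RE="(sk-[a-zA-Z0-9]{32,}|(API_KEY|SECRET|PASSWORD)[A-Za-z0-9_]*[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"'])"

# Reads a unified diff on stdin and prints "path:line" for every added line
# that matches, never the matched text. Returns 1 on any match, 0 otherwise.
scan_diff() {
  local file="" n=0 in_hunk=0 found=0 line
  while IFS= read -r line; do
    case "$in_hunk:$line" in
      ?:'diff --git '*) in_hunk=0 ;;            # file headers follow
      ?:'@@ '*) in_hunk=1                       # hunk header "@@ -a,b +c,d @@"
        n=${line#*+}; n=${n%%[ ,]*} ;;          # c = first new-file line number
      0:'+++ b/'*) file=${line#+++ b/} ;;
      1:'+'*) if printf '%s\n' "${line#+}" | grep -Eq -e "$SECRET_RE"; then
          printf '%s:%s\n' "$file" "$n"; found=1
        fi
        n=$((n + 1)) ;;
      1:' '*) n=$((n + 1)) ;;                   # context line (absent with -U0)
    esac
  done
  return "$found"
}

# Constructed sample diff with a fake token, for trying scan_diff offline.
SAMPLE_DIFF='diff --git a/src/api.ts b/src/api.ts
--- a/src/api.ts
+++ b/src/api.ts
@@ -3,0 +4,2 @@
+const key = process.env.API_KEY;
+const tok = "sk-EXAMPLEexampleEXAMPLEexampleEXAMPLE00";'

# Hook entry point: runs only when this file is installed as pre-commit*.
case ${0##*/} in pre-commit*)
  if ! hits=$(git diff --cached -U0 --no-color --diff-filter=ACMR -- '*.ts' '*.js' | scan_diff); then
    printf 'Potential secrets staged - aborting commit:\n%s\n' "$hits" >&2
    exit 1
  fi ;;
esac
```

To try the parser without a repository, run `printf '%s\n' "$SAMPLE_DIFF" | scan_diff` after sourcing the file; it reports `src/api.ts:5`.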