New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

codeflow-hook

Package Overview
Dependencies
Maintainers
1
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

codeflow-hook

An interactive CI/CD simulator and lightweight pre-push code reviewer using Gemini AI

latest
npmnpm
Version
2.0.3
Version published
Maintainers
1
Created
Source

Codeflow Hook

AI-Powered Code Analysis and Git Hook Management

A lightweight command-line tool that provides AI-driven code analysis, automated git hook installation, and intelligent code review capabilities. This standalone CLI tool analyzes your local code changes using advanced AI models (Gemini, OpenAI GPT, or Claude) and helps maintain code quality through automated pre-commit and pre-push checks.

✨ Standalone Package: This CLI tool works independently and can be installed globally via npm. No additional setup or enterprise infrastructure required.

🚀 Features

AI-Powered Code Analysis

  • Local Code Diff Analysis: Analyze git diffs using Gemini, OpenAI GPT, or Claude AI models
  • Quality Assessment: Get 1-10 quality ratings with detailed feedback on code changes
  • Security Detection: Identify potential security vulnerabilities in code changes
  • Performance Insights: Receive suggestions for performance optimizations

Git Hook Automation

  • Pre-commit Hooks: Automatic analysis of staged changes before commits
  • Pre-push Hooks: Comprehensive code review simulation before pushing to remote
  • Quality Gates: Prevent problematic commits and pushes based on AI analysis
  • Customizable Thresholds: Configure when to block commits based on quality scores

Local Knowledge Base (RAG)

  • Project Context Indexing: Build searchable knowledge base from your project files
  • Context-Aware Analysis: AI analysis considers your project's documentation and code patterns
  • Offline Capability: Works without internet for local analysis (with indexed knowledge)
  • Incremental Updates: Automatically update knowledge base as project evolves

Multi-Provider AI Support

  • Google Gemini: Default AI provider with latest models (1.5 Pro, 1.5 Flash, Pro)
  • OpenAI GPT: Support for GPT-4, GPT-4 Turbo, GPT-3.5 Turbo
  • Anthropic Claude: Integration with Claude 3 Opus, Sonnet, and Haiku
  • Custom Endpoints: Connect to self-hosted or custom AI model endpoints

📦 Installation

Global Installation

npm install -g codeflow-hook

Local Installation (for specific projects)

npm install --save-dev codeflow-hook

⚙️ Quick Start

1. Configure AI Provider

Choose your AI provider and configure with your API key:

# Gemini (default, recommended)
codeflow-hook config -p gemini -k YOUR_GEMINI_API_KEY

# OpenAI
codeflow-hook config -p openai -k YOUR_OPENAI_API_KEY

# Claude/Anthropic
codeflow-hook config -p claude -k YOUR_CLAUDE_API_KEY

2. Install Git Hooks

codeflow-hook install

3. Start Analyzing Code

# Analyze your current changes
git diff | codeflow-hook analyze-diff

# Or let the hooks run automatically on commit/push
git add .
git commit -m "feat: add new feature"

🛠️ Commands

Core Commands

codeflow-hook config     # Configure AI provider settings
codeflow-hook install    # Install git hooks
codeflow-hook analyze-diff # Analyze code changes
codeflow-hook index      # Build local knowledge base
codeflow-hook status     # Check installation status

Usage Examples

# Configure with Gemini (default)
codeflow-hook config -p gemini -k your-api-key

# Install hooks in current project
codeflow-hook install

# Analyze staged changes
git diff --staged | codeflow-hook analyze-diff

# Build project knowledge base
codeflow-hook index

# Check everything is working
codeflow-hook status

🔧 Configuration

Configuration is stored in ~/.codeflow-hook/config.json:

{
  "provider": "gemini",
  "apiKey": "your-api-key",
  "model": "gemini-1.5-pro-latest"
}

Supported AI Providers

  • Gemini: provider: "gemini" - Google AI (recommended)
  • OpenAI: provider: "openai" - GPT models
  • Claude: provider: "claude" - Anthropic models

📋 Requirements

  • Node.js 16+
  • Git repository
  • AI API key (Gemini, OpenAI, or Claude)

🔒 Security & Privacy

  • Local Processing: All code analysis happens on your machine
  • API Keys Stored Locally: Keys are stored in ~/.codeflow-hook/config.json
  • No Data Collection: Code diffs are only sent to your configured AI provider
  • No Telemetry: No usage data is collected or transmitted

🐛 Troubleshooting

Common Issues

"No configuration found"

codeflow-hook config -k YOUR_API_KEY

Hooks not running

codeflow-hook install
# On Windows, ensure hooks are executable

API errors

  • Verify your API key is valid and has quota remaining
  • Check your internet connection
  • Try a different AI provider

Manual Hook Setup

If automatic installation fails:

  • Create .git/hooks/pre-commit:
#!/bin/sh
codeflow-hook analyze-diff
  • Make it executable:
chmod +x .git/hooks/pre-commit

📄 License

MIT License

🤝 Contributing

  • Fork the repository
  • Create a feature branch
  • Make your changes
  • Test thoroughly
  • Submit a pull request

🚀 Enhance your development workflow with AI-powered code analysis!

npm install -g codeflow-hook
codeflow-hook config -k YOUR_API_KEY
codeflow-hook install

Keywords

git
hooks
ci
cd
code-review
ai

FAQs

Package last updated on 18 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026