Saw this repo come up in github.com/topics/cursor-hooks. Quick observation, not a self-promo pitch. Happy to ignore if out of scope.
Your examples cover format/audit/block-git/secret-redaction but there is nothing for supply-chain checks (npm/pip/cargo). Cursor just shipped a partner page for hooks (https://cursor.com/blog/hooks-partners) and Endor Labs is the only vendor listed for malware detection there. Endor is enterprise-paid via endorctl.
I maintain a free supply-chain hook (Commit, https://getcommit.dev). Single-publisher and download-pattern signals against the axios / node-ipc / LiteLLM-style attacks. Installs with one command via npx. Repo at https://github.com/piiiico/commit-cursor-hook.
If a recipe in that direction is interesting, happy to open a PR with a minimal version (~80 LOC, Bun or Node) and the design rationale. If not, no problem. Wanted to ask first per your CONTRIBUTING.