How to Prevent AI from Modifying package.json
SafeClaw by Authensor blocks AI agents from writing to package.json through a simple deny rule in your policy file. Because SafeClaw uses deny-by-default action gating, you can protect critical project files while allowing the agent full access to your source code. Install with npx @authensor/safeclaw and your dependency manifest is locked down immediately.
Why Protecting package.json Matters
Your package.json controls which dependencies your project installs, what scripts it runs, and how it builds. An AI agent that modifies this file can introduce malicious packages, change build commands, add postinstall scripts that execute arbitrary code, or upgrade dependencies in ways that break your application.
Even well-intentioned changes — like an agent adding a library it thinks you need — can introduce supply chain vulnerabilities. Protecting package.json is a critical safety boundary.
Step 1: Install SafeClaw
npx @authensor/safeclaw
Works with Claude Code, OpenAI agents, Cursor, and any framework with an action layer.
Step 2: Add the Deny Rule
Edit your safeclaw.policy.yaml:
# safeclaw.policy.yaml
rules:
  - action: file.write
    path: "**/package.json"
    effect: deny
    reason: "AI agents cannot modify package.json — dependency changes require human review"
  - action: file.write
    path: "**/package-lock.json"
    effect: deny
    reason: "Lock files must not be modified by AI agents"
  - action: file.write
    path: "**/yarn.lock"
    effect: deny
    reason: "Lock files must not be modified by AI agents"
  - action: file.write
    path: "**/pnpm-lock.yaml"
    effect: deny
    reason: "Lock files must not be modified by AI agents"
The ** glob matches package.json at any depth — your project root, monorepo packages, or nested workspaces.
Step 3: Block Indirect Modification
Package managers rewrite package.json themselves, so an agent can change it by running npm install or yarn add instead of writing the file directly, and the file.write deny from Step 2 does not cover that path. Block these commands too (the list covers the common invocations; extend it for any other package-manager commands your project uses):
rules:
  - action: shell.execute
    command_pattern: "npm install *"
    effect: deny
    reason: "Block npm install — modifies package.json"
  - action: shell.execute
    command_pattern: "npm i *"
    effect: deny
    reason: "Block npm i shorthand"
  - action: shell.execute
    command_pattern: "yarn add *"
    effect: deny
    reason: "Block yarn add"
  - action: shell.execute
    command_pattern: "pnpm add *"
    effect: deny
    reason: "Block pnpm add"
  - action: shell.execute
    command_pattern: "npm uninstall *"
    effect: deny
    reason: "Block dependency removal"
Step 4: Allow npm Scripts (Optional)
You may want the agent to run existing npm scripts like npm test or npm run build without being able to install new packages:
rules:
  - action: shell.execute
    command_pattern: "npm run *"
    effect: allow
    reason: "Allow running existing npm scripts"
  - action: shell.execute
    command_pattern: "npm test"
    effect: allow
    reason: "Allow running tests"
  - action: shell.execute
    command_pattern: "npm install *"
    effect: deny
    reason: "Block adding new dependencies"
Remember, SafeClaw uses first-match-wins — the allow rules must come before the deny rules to take effect.
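To make the any-depth glob from Step 2 and the first-match-wins ordering from Step 4 concrete, here is an added evaluator in JavaScript. It is example code written for this page, not SafeClaw's implementation; its matching semantics ("**/" spans any number of directories, "*" stays inside one path segment, a command "*" matches any text) are assumptions, and the rule set and requests are constructed.

```javascript
// Added example (not SafeClaw's code): a minimal deny-by-default,
// first-match-wins evaluator for the two rule shapes used on this page.
// Glob semantics are assumptions for illustration: in paths "**/" spans
// any number of directories and "*" stays inside one segment; in command
// patterns "*" matches any text, arguments included.
const escapeRegExp = (s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');

// "**/package.json" -> /^(?:.*\/)?package\.json$/
function pathGlobToRegExp(glob) {
  let re = '';
  for (let i = 0; i < glob.length; i++) {
    if (glob.startsWith('**/', i)) { re += '(?:.*/)?'; i += 2; }
    else if (glob[i] === '*') re += '[^/]*';
    else re += escapeRegExp(glob[i]);
  }
  return new RegExp('^' + re + '$');
}

// "npm install *" -> /^npm install .*$/ : the space before "*" is literal,
// so a bare "npm install" matches no rule and falls to the default deny.
function commandPatternToRegExp(pattern) {
  return new RegExp('^' + escapeRegExp(pattern).replace(/\*/g, '.*') + '$');
}

// First rule whose action and pattern match decides; no match means deny.
function evaluate(rules, request) {
  for (const rule of rules) {
    if (rule.action !== request.action) continue;
    const hit = rule.action === 'file.write'
      ? pathGlobToRegExp(rule.path).test(request.path)
      : commandPatternToRegExp(rule.command_pattern).test(request.command);
    if (hit) return { effect: rule.effect, reason: rule.reason };
  }
  return { effect: 'deny', reason: 'no matching rule (deny by default)' };
}

// Constructed rule set, ordered as Steps 2 and 4 prescribe: allows first.
const rules = [
  { action: 'file.write', path: '**/*.ts', effect: 'allow', reason: 'source code is editable' },
  { action: 'file.write', path: '**/package.json', effect: 'deny', reason: 'dependency changes require human review' },
  { action: 'shell.execute', command_pattern: 'npm run *', effect: 'allow', reason: 'existing npm scripts' },
  { action: 'shell.execute', command_pattern: 'npm install *', effect: 'deny', reason: 'blocks new dependencies' },
];

// Constructed requests: the root and a workspace package.json both hit the "**/" rule.
for (const req of [
  { action: 'file.write', path: 'package.json' },
  { action: 'file.write', path: 'packages/api/package.json' },
  { action: 'shell.execute', command: 'npm install lodash' },
]) console.log(req.path || req.command, '->', evaluate(rules, req));
```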
Step 5: Test and Verify
Run simulation mode:
npx @authensor/safeclaw --simulate
Ask your agent to add a dependency. The log should show:
[DENIED] shell.execute: "npm install lodash"
Rule: "Block npm install — modifies package.json"
Check the hash-chained audit trail for a complete record:
npx @authensor/safeclaw audit --filter "path:package.json"
Protecting Other Critical Files
The same pattern works for any file you want to protect:
rules:
  - action: file.write
    path: "**/tsconfig.json"
    effect: deny
    reason: "TypeScript config is locked"
  - action: file.write
    path: "**/.eslintrc"   # ** rather than *, so the rule matches at any depth as in Step 2
    effect: deny
    reason: "Linter config is locked"
SafeClaw is open-source, MIT licensed, and backed by 446 tests. It works with both Claude and OpenAI.