u/False_Bother8783

I scanned 46,500 npm packages and found 428 with .claude/settings.local.json inside...here's the tool I built after nearly shipping my own api key
r/node


A few weeks ago I was reading the Knostic audit of npm packages. They scanned 46,500 packages and found 428 containing .claude/settings.local.json which is the local settings file Claude Code writes when you open a project. 33 of those packages exposed live API credentials.

I thought "okay, I'll just check my own packages." Found a partial Anthropic API key sitting in a .claude/ state file in one of my repos. Would have shipped it on the next publish.

The problem is that .npmignore and .gitignore handle different things. If you don't explicitly exclude .claude/, .cursor/, .codex/ etc., npm pack grabs them. And none of the existing tools catch this specific class of artifact — gitleaks and trufflehog run on git history, not the about-to-ship tarball. Socket.dev is post-publish. Snyk has no signatures for AI assistant configs.

So I spent a weekend building packguard.

It hooks into prepublishOnly and opens your tarball before it ships. Blocks AI-tool config artifacts, flags source maps with embedded source, and runs an entropy scan for live secrets. If it finds anything, publish fails with a clear report.

Zero install to try: `npx packguard scan`

Or wire it in permanently: `npx packguard install` (adds the prepublishOnly hook to package.json)

You can check it out here: https://packguard.kartikshukla.dev/

Happy to answer questions about how the entropy scan works or the AI artifact signature list.

u/False_Bother8783 — 5 days ago
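The three checks the post describes (AI-assistant config directories, source maps that embed their sources, and an entropy scan for credential-shaped strings) can be sketched as a small prepublish audit. This is an added illustration, not packguard's own code; the directory signature list, the 20-character token rule, the 4.0 bits/char threshold and the sample files are all assumptions constructed for the example, and the "key" is a synthetic placeholder.

```javascript
// Added example, not packguard's implementation. Audits an in-memory list of the
// files that would land in the npm tarball and reports anything that should block publish.
const AI_ARTIFACT_DIRS = /^(\.claude|\.cursor|\.codex)\//; // assumed signature list
const TOKEN_RE = /[A-Za-z0-9_\-]{20,}/g;                    // credential-shaped tokens
const ENTROPY_THRESHOLD = 4.0;                              // assumed, bits per character

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// A source map that carries sourcesContent ships the original source with the package.
function sourceMapEmbedsSources(content) {
  try {
    const map = JSON.parse(content);
    return Array.isArray(map.sourcesContent) && map.sourcesContent.length > 0;
  } catch {
    return false;
  }
}

// files: [{ path, content }] as they would appear inside the tarball.
// Returns findings in file order; an empty list means the publish may proceed.
function auditPackFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (AI_ARTIFACT_DIRS.test(path)) findings.push({ path, rule: 'ai-tool-artifact' });
    if (path.endsWith('.map') && sourceMapEmbedsSources(content)) {
      findings.push({ path, rule: 'sourcemap-embeds-source' });
    }
    for (const token of content.match(TOKEN_RE) || []) {
      const entropy = shannonEntropy(token);
      if (entropy >= ENTROPY_THRESHOLD) findings.push({ path, rule: 'high-entropy-string', entropy });
    }
  }
  return findings;
}

// Constructed sample tarball contents; the credential value is a synthetic placeholder.
const SAMPLE_FILES = [
  { path: 'package.json', content: '{"name":"demo","version":"1.0.0"}' },
  { path: '.claude/settings.local.json', content: '{"permissions":{"allow":[]}}' },
  { path: 'dist/index.js.map', content: '{"version":3,"sources":["src/index.ts"],"sourcesContent":["export const x = 1;"],"mappings":"AAAA"}' },
  { path: '.env.example', content: 'ANTHROPIC_API_KEY=abcdefghijklmnopqrstuvwxyz012345' },
];

console.log(JSON.stringify(auditPackFiles(SAMPLE_FILES), null, 2));
```

In a real hook the file list would come from the tarball itself (for example the file list `npm pack --dry-run --json` reports), and a non-empty findings list would make the prepublishOnly script exit non-zero.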