Skip to main content
The Root.io plugin for Claude Code automatically detects vulnerable packages and suggests Root.io patches as you edit dependency files.

Prerequisites

Installation

Install directly through Claude Code’s built-in plugin system:
This is the easiest way to install and keep the plugin up to date. If Claude Code is already open, run /reload-plugins to activate without restarting.

Manual Install

If you prefer to install manually or already have rootio_patcher installed:

Verify Installation

Restart Claude Code and check that the plugin loaded:
All three files should exist.

How It Works

The Claude Code integration uses a PostToolUse hook that triggers automatically when you edit dependency files. Triggers when:
  • Edit or Write tool modifies: package.json, pom.xml, requirements.txt, pyproject.toml, Pipfile
Behavior:
  1. Runs rootio_patcher in dry-run mode
  2. If patches are available, Claude receives a notification with vulnerability counts
  3. Claude offers to apply the patches
  4. If you approve, Claude runs rootio_patcher with --dry-run=false
The hook runs in the background and only notifies Claude when patches are found, so it doesn’t interrupt your workflow.

Example Interaction

When you edit a dependency file:
  1. You or Claude edits package.json to add a new dependency
  2. Hook runs automatically - rootio_patcher npm remediate runs in the background
  3. Claude is notified - “Found 3 vulnerable packages with Root.io patches available”
  4. Claude offers to fix - “Would you like me to apply the Root.io patches?”
  5. You approve - Claude runs rootio_patcher npm remediate --dry-run=false and npm install

Manual Usage

You can also manually trigger the vulnerability check by mentioning the skill:
Or invoke the patcher directly through Claude:
For complete CLI usage, see the Root Patcher CLI documentation.