Skip to main content
The Root.io plugin for Claude Code automatically detects vulnerable packages and suggests Root.io patches as you edit dependency files.

Prerequisites

Installation

Quick Install

Use the automated installer from the root-ai repository: 
curl -fsSL https://raw.githubusercontent.com/rootio-avr/root-ai/main/install.sh | ROOTIO_API_KEY=<your-key> bash
This installs:
  • rootio_patcher CLI
  • Claude Code plugin, hooks, and skills
  • Package registry configuration (npm, Maven, pip)

Manual Install

If you prefer to install manually or already have rootio_patcher installed: 
# Clone the repository
git clone https://github.com/rootio-avr/root-ai.git

# From your project root, copy the plugin files
cp -r root-ai/platforms/claude-code/.claude-plugin .claude-plugin
cp -r root-ai/platforms/claude-code/hooks .claude/hooks
cp -r root-ai/platforms/claude-code/skills .claude/skills

Verify Installation

Restart Claude Code and check that the plugin loaded: 
ls .claude-plugin/plugin.json
ls .claude/hooks/post-edit.sh
ls .claude/skills/rootio-patcher/SKILL.md
All three files should exist.

How It Works

The Claude Code integration uses a PostToolUse hook that triggers automatically when you edit dependency files. Triggers when:
  • Edit or Write tool modifies: package.json, pom.xml, requirements.txt, pyproject.toml, Pipfile
Behavior:
  1. Runs rootio_patcher in dry-run mode
  2. If patches are available, Claude receives a notification with vulnerability counts
  3. Claude offers to apply the patches
  4. If you approve, Claude runs rootio_patcher with --dry-run=false
The hook runs in the background and only notifies Claude when patches are found, so it doesn’t interrupt your workflow.

Example Interaction

When you edit a dependency file:
  1. You or Claude edits package.json to add a new dependency
  2. Hook runs automatically - rootio_patcher npm remediate runs in the background
  3. Claude is notified - “Found 3 vulnerable packages with Root.io patches available”
  4. Claude offers to fix - “Would you like me to apply the Root.io patches?”
  5. You approve - Claude runs rootio_patcher npm remediate --dry-run=false and npm install

Manual Usage

You can also manually trigger the vulnerability check by mentioning the skill: 
"Check for Root.io patches"
Or invoke the patcher directly through Claude: 
"Run rootio_patcher to check for npm patches"
For complete CLI usage, see the Root Patcher CLI documentation.