diff --git a/pkgs/tools/security/pass/extensions/checkup.nix b/pkgs/tools/security/pass/extensions/checkup.nix
index bafaabba843..5ae846d4a4b 100644
--- a/pkgs/tools/security/pass/extensions/checkup.nix
+++ b/pkgs/tools/security/pass/extensions/checkup.nix
@@ -1,18 +1,22 @@
 { lib, stdenv, fetchFromGitHub
-, curl, findutils, gnugrep, gnused }:
+, curl, findutils, gnugrep, gnused, shellcheck }:
 
-stdenv.mkDerivation rec {
+let
   pname = "pass-checkup";
-  version = "0.2.0";
+  version = "0.2.1";
+in stdenv.mkDerivation {
+  inherit pname version;
 
   src = fetchFromGitHub {
     owner = "etu";
-    repo = "pass-checkup";
+    repo = pname;
     rev = version;
-    sha256 = "17fyf8zj535fg43yddjww1jhxfb3nbdkn622wjxaai2nf46jzh7y";
+    sha256 = "18b6rx59r7g0hvqs2affvw0g0jyifyzhanwgz2q2b8nhjgqgnar2";
   };
 
-  patchPhase = ''
+  nativeBuildInputs = [ shellcheck ];
+
+  postPatch = ''
     substituteInPlace checkup.bash \
       --replace curl ${curl}/bin/curl \
       --replace find ${findutils}/bin/find \
@@ -21,13 +25,17 @@ stdenv.mkDerivation rec {
   '';
 
   installPhase = ''
+    runHook preInstall
+
     install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash
+
+    runHook postInstall
   '';
 
   meta = with lib; {
     description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not";
     homepage = "https://github.com/etu/pass-checkup";
-    license = licenses.gpl3;
+    license = licenses.gpl3Plus;
     maintainers = with maintainers; [ etu ];
     platforms = platforms.unix;
   };