Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@beuluis/hook-cli
Advanced tools
A small hook cli that can be used with for example husky
A small hook cli
·
Report Bug
·
Request Feature
·
A small hook cli that can be used with for example husky.
I know that most of this stuff is already solved by some awesome tools. So this is really just a CLI playground for me.
npm i -D @beuluis/hook-cli
Run commands. For example using the hooks in .husky
.
```bash
npx hook-cli [command] [...]
```
Check the pattern of a commit message
Option | Description | Type | default |
---|---|---|---|
-p , --prefix | Prefix of the issue key. | string | `` |
-m , --message | Get message from command line instead of file. | string | `` |
-n , --no-fail | If true only prints warning messages and do not exit with not zero code. | boolean | false |
npx hook-cli checkCommitMessageIssueKey "$1" -p "HelloWorld"
npx hook-cli checkCommitMessageIssueKey .git/COMMIT_EDITMSG -p "KEY"
npx hook-cli checkCommitMessageIssueKey -m "KEY-12 message" -p "KEY"
npx hook-cli checkCommitMessageIssueKey -m "KEY-12 message" -p "KEY" -n
Check the pattern of a commit message
Option | Description | Type | default |
---|---|---|---|
-p , --pattern | Regex pattern to check the message against. | string | `` |
-m , --message | Get message from command line instead of file. | string | `` |
-n , --no-fail | If true only prints warning messages and do not exit with not zero code. | boolean | false |
npx hook-cli checkCommitMessagePattern "$1" -p "HelloWorld"
npx hook-cli checkCommitMessagePattern .git/COMMIT_EDITMSG -p "HelloWorld"
npx hook-cli checkCommitMessagePattern -m "I say HelloWorld" -p "HelloWorld"
npx hook-cli checkCommitMessagePattern -m "I say HelloWorld" -p "HelloWorld" -n
Check if a staged file like a changelog was changed locale or remote compared to another branch
Option | Description | Type | default |
---|---|---|---|
-b , --branch | Branch to compare to. | string | main |
-n , --no-fail | If true only prints warning messages and do not exit with not zero code. | boolean | true |
npx hook-cli checkForFileChanged CHANGELOG.md
npx hook-cli checkForFileChanged CHANGELOG.md -b trunk
npx hook-cli checkForFileChanged CHANGELOG.md -n
npx hook-cli checkForFileChanged CHANGELOG.md -b trunk -n
Runs a package audit and collects the results.
Option | Description | Type | default |
---|---|---|---|
-m , --package-manager | The package manager you want to use. Keep in mind that both package managers report differently. | yarn , npm | npm |
-l , --audit-level | The severity of the vulnerabilities what the script will report. | info , low , moderate , high , critical | critical |
-p , --prod | If true only run audit for prod dependencies and skip dev ones. | boolean | false |
-n , --no-fail | If true only prints warning messages and do not exit with not zero code. | boolean | false |
npx hook-cli checkForVulnerabilities
npx hook-cli checkForVulnerabilities --package-manager yarn
npx hook-cli checkForVulnerabilities --audit-level low
npx hook-cli checkForVulnerabilities --no-fail
npx hook-clicheckForVulnerabilities --prod
npx hook-cli checkForVulnerabilities -l high -m yarn -n -p
Check if the version field is the same for package.json and package-lock.json
Option | Description | Type | default |
---|---|---|---|
-n , --no-fail | If true only prints warning messages and do not exit with not zero code. | boolean | false |
npx hook-cli checkPackageVersion
Check if the version field is the same for package.json and file
Option | Description | Type | default |
---|---|---|---|
-p , --json-path | Path in json file to check | string | `` |
-n , --no-fail | If true only prints warning messages and do not exit with not zero code. | boolean | false |
npx hook-cli checkPackageVersionInFile hello.json -p 'path.version'
npx hook-cli checkPackageVersionInFile hello.json -p 'path.version' -n
Prints a list of packages that have updates.
Option | Description | Type | default |
---|---|---|---|
-m , --package-manager | The package manager you want to use. Keep in mind that both package managers report differently. | yarn , npm | npm |
-n , --no-fail | If true only prints warning messages and do not exit with not zero code. | boolean | false |
npx hook-cli updateReminder
npx hook-cli updateReminder -m yarn
npx hook-cli updateReminder -n
npx hook-cli updateReminder -m yarn -n
src/modules
.touch src/modules/helloWorld.ts
import { registerCommandModule } from '../util/commandModule.helper';
export = registerCommandModule()({
command: 'helloWorld',
describe: 'HelloWorld',
handler: () => console.log('HelloWorld'),
});
npx hook-cli [command] --help
npm run hook-cli -- [command]
npx ts-node src/index.ts [command]
FAQs
A small hook cli that can be used with for example husky
The npm package @beuluis/hook-cli receives a total of 24 weekly downloads. As such, @beuluis/hook-cli popularity was classified as not popular.
We found that @beuluis/hook-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.