Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
lefthook-windows-arm64
Advanced tools
The Windows ARM 64-bit binary for lefthook, git hooks manager.
The fastest polyglot Git hooks manager out there
A Git hooks manager for Node.js, Ruby, Python and many other types of projects.
With Go (>= 1.23):
go install github.com/evilmartians/lefthook@latest
With NPM:
npm install lefthook --save-dev
For Ruby:
gem install lefthook
For Python:
pip install lefthook
Installation guide with more ways to install lefthook: apt, brew, winget, and others.
Configure your hooks, install them once and forget about it: rely on the magic underneath.
# Configure your hooks
vim lefthook.yml
# Install them to the git project
lefthook install
# Enjoy your work with git
git add -A && git commit -m '...'
lefthook.yml
config options.Gives you more speed. Example
pre-push:
parallel: true
If you want your own list. Custom and prebuilt examples.
pre-commit:
commands:
frontend-linter:
run: yarn eslint {staged_files}
backend-linter:
run: bundle exec rubocop --force-exclusion {all_files}
frontend-style:
files: git diff --name-only HEAD @{push}
run: yarn stylelint {files}
If you want to filter list of files. You could find more glob pattern examples here.
pre-commit:
commands:
backend-linter:
glob: "*.rb" # glob filter
exclude: '(^|/)(application|routes)\.rb$' # regexp filter
run: bundle exec rubocop --force-exclusion {all_files}
If you want to execute the commands in a relative path
pre-commit:
commands:
backend-linter:
root: "api/" # Careful to have only trailing slash
glob: "*.rb" # glob filter
run: bundle exec rubocop {all_files}
If oneline commands are not enough, you can execute files. Example.
commit-msg:
scripts:
"template_checker":
runner: bash
If you want to control a group of commands. Example.
pre-push:
commands:
packages-audit:
tags: frontend security
run: yarn audit
gems-audit:
tags: backend security
run: bundle audit
If you are in the Docker environment. Example.
pre-commit:
scripts:
"good_job.js":
runner: docker run -it --rm <container_id_or_name> {cmd}
If you a frontend/backend developer and want to skip unnecessary commands or override something into Docker. Description.
# lefthook-local.yml
pre-push:
exclude_tags:
- frontend
commands:
packages-audit:
skip: true
If you want to run hooks group directly.
$ lefthook run pre-commit
If you want to run specific group of commands directly.
fixer:
commands:
ruby-fixer:
run: bundle exec rubocop --force-exclusion --safe-auto-correct {staged_files}
js-fixer:
run: yarn eslint --fix {staged_files}
$ lefthook run fixer
If you don't want to see supporting information:
skip_output:
- meta #(version and which hook running)
- success #(output from runners with exit code 0)
FAQs
The Windows ARM 64-bit binary for lefthook, git hooks manager.
The npm package lefthook-windows-arm64 receives a total of 24,778 weekly downloads. As such, lefthook-windows-arm64 popularity was classified as popular.
We found that lefthook-windows-arm64 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.