node-hooks
+17
-51
@@ -1,57 +0,23 @@ | ||
| var fs = require("fs"); | ||
| var npmInstaller = require("npm-installer"); | ||
| var colors = require("colors"); | ||
| var exec = require("child_process").exec; | ||
| var running = true; | ||
| var success = false; | ||
| var node_module = undefined; | ||
| var module_version = undefined; | ||
| var install = function(hook_module, cb){ | ||
| process.stdout.write("Installing `"+hook_module+"` "); | ||
| run(cb); | ||
| exec("npm install "+hook_module+" --save", function(err, stdout, stderr){ | ||
| if(err){ | ||
| stop(" failed".red+"\nMessage: "+stdout.yellow+"\nError: "+stderr.red); | ||
| } | ||
| else{ | ||
| var pjDep = require(process.cwd()+"/package.json"); | ||
| success = true; | ||
| var keys = Object.keys(pjDep.dependencies); | ||
| node_module = keys[keys.length-1]; | ||
| module_version = pjDep.dependencies[node_module]; | ||
| fixPJ(pjDep); | ||
| stop(" complete".green); | ||
| } | ||
| }); | ||
| var install = function(hook_module, cb) { | ||
| console.log("HOOKS:".blue + " INSTALLING `" + hook_module + "` ...".yellow); | ||
| npmInstaller(hook_module, function(err, result) { | ||
| if (err) { | ||
| console.log("HOOKS:".blue + " INSTALL FAILED".red) | ||
| cb(false); | ||
| } else { | ||
| console.log("HOOKS:".blue + " INSTALL COMPLETE"); | ||
| console.log("RESULT", result); | ||
| var version = result.version; | ||
| if (result.origin != result.module + "@" && result.origin != result.module_and_location) { | ||
| version = result.origin; | ||
| } | ||
| cb(true, result.module, version); | ||
| } | ||
| }); | ||
| } | ||
| var run = function(cb){ | ||
| setTimeout(function(){ | ||
| if(running===true){ | ||
| process.stdout.write(".".yellow); | ||
| run(cb); | ||
| } | ||
| else{ | ||
| console.log(running); | ||
| cb(success, node_module, module_version); | ||
| } | ||
| }, 100); | ||
| } | ||
| var stop = function(msg){ | ||
| running = msg; | ||
| } | ||
| var fixPJ = function(pj){ | ||
| delete pj.dependencies[node_module]; | ||
| var content = JSON.stringify(pj, null, 2) + '\n'; | ||
| fs.writeFile(process.cwd()+"/package.json", content, function(err){ | ||
| if(err){ | ||
| var msg = "`"+node_module+"` has been added to package.json, and we can't seem to remove it..."; | ||
| console.log(msg.red); | ||
| } | ||
| }); | ||
| } | ||
| module.exports = install; |
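Review bot: In the new `install`, `hook_module` is handed to `npmInstaller(hook_module, ...)` unchecked, and nothing on this page shows how npm-installer performs the install, so the exposure of the removed `exec("npm install "+hook_module+" --save")`, which concatenated the value into a shell command, may only have moved into the dependency. Confirm that npm-installer passes the spec as a single argument without a shell, or validate `hook_module` before the call and reject anything that is not a package name, local path or URL. The error branch also discards `err` (a fixed message, then `cb(false)`), where the old code printed stdout and stderr; adding `console.log(String(err).red);` there would keep the failure diagnosable. `console.log("RESULT", result);` looks like leftover debug output and should be removed.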
+3
-2
| { | ||
| "name": "node-hooks", | ||
| "version": "0.0.11", | ||
| "version": "0.0.12", | ||
| "description": "An NPM for git hooks.", | ||
@@ -11,3 +11,4 @@ "main": "./bin/hooks.js", | ||
| "colors": "~0.6.1", | ||
| "request": "~2.27.0" | ||
| "request": "~2.27.0", | ||
| "npm-installer": "0.0.0" | ||
| }, | ||
@@ -14,0 +15,0 @@ "devDependencies": { |
+4
-0
@@ -146,1 +146,5 @@ # Hooks | ||
| ### 0.0.12 | ||
| * Hooks-module installation is now handled by npm-installer rather than a child_process.exec | ||
+107
-104
@@ -1,116 +0,119 @@ | ||
| describe("hooks add", function(){ | ||
| describe("hooks add", function() { | ||
| var local_valid_module = "../test-valid"; | ||
| var local_invalid_module = "../test-invalid"; | ||
| var npm_invalid_module = "test-npm-install"; | ||
| var github_invalid_module = "https://github.com/mcwhittemore/test-npm-install/tarball/master"; | ||
| var local_valid_module = "../test-valid"; | ||
| var local_invalid_module = "../test-invalid"; | ||
| var npm_invalid_module = "test-npm-install"; | ||
| var github_invalid_module = "https://github.com/mcwhittemore/test-npm-install/tarball/master"; | ||
| describe("to local folder", function(){ | ||
| describe("to local folder", function() { | ||
| beforeEach(function(done){ | ||
| //reset the folder to empty | ||
| cleanUp(function(){ | ||
| setUp(function(){ | ||
| run("mkdir .git && mkdir .git/hooks && hooks install", function(err, stdout, stderr){ | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| beforeEach(function(done) { | ||
| //reset the folder to empty | ||
| cleanUp(function() { | ||
| setUp(function() { | ||
| run("mkdir .git && mkdir .git/hooks && hooks install", function(err, stdout, stderr) { | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("with no args", function(){ | ||
| it("should work for a local valid module", function(done){ | ||
| run("hooks add "+local_valid_module, function(err, stdout, stderr){ | ||
| stdout.should.include(" complete".green); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("should fail for a local invalid module", function(done){ | ||
| run("hooks add "+local_invalid_module, function(err, stdout, stderr){ | ||
| stdout.should.include("use the `-f` option."); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("should fail for a npm invalid module", function(done){ | ||
| run("hooks add "+npm_invalid_module, function(err, stdout, stderr){ | ||
| stdout.should.include("use the `-f` option."); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("should fail for a github invalid module", function(done){ | ||
| this.timeout(10000); | ||
| run("hooks add "+github_invalid_module, function(err, stdout, stderr){ | ||
| stdout.should.include("use the `-f` option."); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }) | ||
| describe("with no args", function() { | ||
| it("should work for a local valid module", function(done) { | ||
| this.timeout = 5000; | ||
| run("hooks add " + local_valid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("COMPLETE"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("should fail for a local invalid module", function(done) { | ||
| run("hooks add " + local_invalid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("use the `-f` option."); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("should fail for a npm invalid module", function(done) { | ||
| run("hooks add " + npm_invalid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("use the `-f` option."); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("should fail for a github invalid module", function(done) { | ||
| this.timeout = 10000; | ||
| run("hooks add " + github_invalid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("use the `-f` option."); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }) | ||
| describe("to specified hook via", function(){ | ||
| // * --hook <GIT HOOK NAME>: this option overrides the hook-module's default-hook parameter. | ||
| it("--hook should work", function(done){ | ||
| run("hooks add --hook update "+local_valid_module, function(err, stdout, stderr){ | ||
| stdout.should.include(" complete".green); | ||
| var hooksJson = readJson(test_folder+"/hooks.json"); | ||
| hooksJson.should.have.property("update"); | ||
| hooksJson.update.should.have.property("test-valid", "../test-valid"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("to specified hook via", function() { | ||
| // * --hook <GIT HOOK NAME>: this option overrides the hook-module's default-hook parameter. | ||
| it("--hook should work", function(done) { | ||
| this.timeout = 5000; | ||
| run("hooks add --hook update " + local_valid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("COMPLETE"); | ||
| var hooksJson = readJson(test_folder + "/hooks.json"); | ||
| hooksJson.should.have.property("update"); | ||
| hooksJson.update.should.have.property("test-valid", "../test-valid"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("forced via", function(){ | ||
| // * -f, --force: installs a module from npm even if it doesn't meet the `hooks-module specification`. Requires the --hook option | ||
| it("-f should work for a npm invalid module", function(done){ | ||
| run("hooks add -f --hook update "+local_invalid_module, function(err, stdout, stderr){ | ||
| stdout.should.include(" complete".green); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("--force should work for a github invalid module", function(done){ | ||
| run("hooks add --force --hook update "+local_invalid_module, function(err, stdout, stderr){ | ||
| stdout.should.include(" complete".green); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("forced via", function() { | ||
| // * -f, --force: installs a module from npm even if it doesn't meet the `hooks-module specification`. Requires the --hook option | ||
| it("-f should work for a npm invalid module", function(done) { | ||
| run("hooks add -f --hook update " + local_invalid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("COMPLETE"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("--force should work for a github invalid module", function(done) { | ||
| run("hooks add --force --hook update " + local_invalid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("COMPLETE"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("and include the module in package.json devDependencies", function(){ | ||
| // * --depend: adds the module to the project's package.json devDependencies parameter. | ||
| it("always", function(done){ | ||
| run("hooks add "+local_valid_module, function(err){ | ||
| var json = readJson(test_folder+"/package.json"); | ||
| json.should.have.property("devDependencies"); | ||
| json.devDependencies.should.have.property("test-valid","../test-valid"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("and include the module in package.json devDependencies", function() { | ||
| // * --depend: adds the module to the project's package.json devDependencies parameter. | ||
| it("always", function(done) { | ||
| this.timeout = 5000; | ||
| run("hooks add " + local_valid_module, function(err) { | ||
| var json = readJson(test_folder + "/package.json"); | ||
| json.should.have.property("devDependencies"); | ||
| json.devDependencies.should.have.property("test-valid", "../test-valid"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("and include the module in hooks.json file for the right hook", function(){ | ||
| it("when coming from NPM", function(done){ | ||
| run("hooks add -f --hook update "+npm_invalid_module, function(err, stdout, stderr){ | ||
| stdout.should.include("complete"); | ||
| var hooksJson = readJson(test_folder+"/hooks.json"); | ||
| hooksJson.update.should.have.property("test-npm-install", "0.0.0"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("when coming from remote url", function(done){ | ||
| run("hooks add -f --hook update "+github_invalid_module, function(err, stdout, stderr){ | ||
| stdout.should.include("complete"); | ||
| var hooksJson = readJson(test_folder+"/hooks.json"); | ||
| hooksJson.update.should.have.property("test-npm-install", github_invalid_module); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("and include the module in hooks.json file for the right hook", function() { | ||
| it("when coming from NPM", function(done) { | ||
| run("hooks add -f --hook update " + npm_invalid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("COMPLETE"); | ||
| var hooksJson = readJson(test_folder + "/hooks.json"); | ||
| hooksJson.update.should.have.property("test-npm-install", "0.0.0"); | ||
| done(err); | ||
| }); | ||
| }); | ||
| it("when coming from remote url", function(done) { | ||
| run("hooks add -f --hook update " + github_invalid_module, function(err, stdout, stderr) { | ||
| stdout.should.include("COMPLETE"); | ||
| var hooksJson = readJson(test_folder + "/hooks.json"); | ||
| hooksJson.update.should.have.property("test-npm-install", github_invalid_module); | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| after(function(done){ | ||
| //tear folder down | ||
| cleanUp(done); | ||
| }); | ||
| }) | ||
| after(function(done) { | ||
| //tear folder down | ||
| cleanUp(done); | ||
| }); | ||
| }) | ||
| }); |
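Review bot: `this.timeout = 5000;` in "should work for a local valid module" assigns a property instead of calling Mocha's `this.timeout(ms)`, so the limit is not raised and the assignment shadows the context's `timeout` method; the removed lines used the call form, `this.timeout(10000);`. The same assignment appears in the github-invalid-module test, the `--hook` test and the devDependencies test in this file, and in the `before` hook of the "hooks run" tests (`this.timeout = 100000;`). Change each back to a call, e.g. `this.timeout(5000);`, otherwise the tests that install from npm or a remote URL run under the default limit and can fail intermittently.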
+95
-97
@@ -1,104 +0,102 @@ | ||
| describe("hooks run should", function(){ | ||
| var hooks = require("../lib/possible-hooks"); | ||
| var local_valid_module = "../test-valid"; | ||
| describe("hooks run should", function() { | ||
| var hooks = require("../lib/possible-hooks"); | ||
| var local_valid_module = "../test-valid"; | ||
| before(function(done){ | ||
| this.timeout(100000); | ||
| cleanUp(function(){ | ||
| setUp(function(){ | ||
| run("git init && hooks install", function(err){ | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| before(function(done) { | ||
| this.timeout = 100000; | ||
| cleanUp(function() { | ||
| setUp(function() { | ||
| run("git init && hooks install", function(err) { | ||
| done(err); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| describe("work for", function(){ | ||
| var hookTest = function(hook, done){ | ||
| run("hooks add --soft --hook "+hook+" "+local_valid_module, function(err, stdout, stderr){ | ||
| if(err){ | ||
| done(err); | ||
| } | ||
| else{ | ||
| run("hooks run "+hook, function(err, stdout, stderr){ | ||
| stdout.should.include("this is a test"); | ||
| stdout.should.include(hook); | ||
| done(err); | ||
| }); | ||
| } | ||
| }); | ||
| } | ||
| describe("work for", function() { | ||
| var hookTest = function(hook, done) { | ||
| run("hooks add --soft --hook " + hook + " " + local_valid_module, function(err, stdout, stderr) { | ||
| if (err) { | ||
| done(err); | ||
| } else { | ||
| run("hooks run " + hook, function(err, stdout, stderr) { | ||
| stdout.should.include("this is a test"); | ||
| stdout.should.include(hook); | ||
| done(err); | ||
| }); | ||
| } | ||
| }); | ||
| } | ||
| it("applypatch-msg", function(done){ | ||
| hookTest("applypatch-msg", done) | ||
| }); | ||
| it("pre-applypatch", function(done){ | ||
| hookTest("pre-applypatch", done) | ||
| }); | ||
| it("post-applypatch", function(done){ | ||
| hookTest("post-applypatch", done) | ||
| }); | ||
| it("pre-commit", function(done){ | ||
| hookTest("pre-commit", done) | ||
| }); | ||
| it("prepare-commit-msg", function(done){ | ||
| hookTest("prepare-commit-msg", done) | ||
| }); | ||
| it("commit-msg", function(done){ | ||
| hookTest("commit-msg", done) | ||
| }); | ||
| it("post-commit", function(done){ | ||
| hookTest("post-commit", done) | ||
| }); | ||
| it("pre-rebase", function(done){ | ||
| hookTest("pre-rebase", done) | ||
| }); | ||
| it("post-checkout", function(done){ | ||
| hookTest("post-checkout", done) | ||
| }); | ||
| it("post-merge", function(done){ | ||
| hookTest("post-merge", done) | ||
| }); | ||
| it("pre-receive", function(done){ | ||
| hookTest("pre-receive", done) | ||
| }); | ||
| it("update", function(done){ | ||
| hookTest("update", done) | ||
| }); | ||
| it("post-receive", function(done){ | ||
| hookTest("post-receive", done) | ||
| }); | ||
| it("post-update", function(done){ | ||
| hookTest("post-update", done) | ||
| }); | ||
| it("pre-auto-gc", function(done){ | ||
| hookTest("pre-auto-gc", done) | ||
| }); | ||
| it("post-rewrite", function(done){ | ||
| hookTest("post-rewrite", done) | ||
| }); | ||
| it("applypatch-msg", function(done) { | ||
| hookTest("applypatch-msg", done) | ||
| }); | ||
| it("pre-applypatch", function(done) { | ||
| hookTest("pre-applypatch", done) | ||
| }); | ||
| it("post-applypatch", function(done) { | ||
| hookTest("post-applypatch", done) | ||
| }); | ||
| it("pre-commit", function(done) { | ||
| hookTest("pre-commit", done) | ||
| }); | ||
| it("prepare-commit-msg", function(done) { | ||
| hookTest("prepare-commit-msg", done) | ||
| }); | ||
| it("commit-msg", function(done) { | ||
| hookTest("commit-msg", done) | ||
| }); | ||
| it("post-commit", function(done) { | ||
| hookTest("post-commit", done) | ||
| }); | ||
| it("pre-rebase", function(done) { | ||
| hookTest("pre-rebase", done) | ||
| }); | ||
| it("post-checkout", function(done) { | ||
| hookTest("post-checkout", done) | ||
| }); | ||
| it("post-merge", function(done) { | ||
| hookTest("post-merge", done) | ||
| }); | ||
| it("pre-receive", function(done) { | ||
| hookTest("pre-receive", done) | ||
| }); | ||
| it("update", function(done) { | ||
| hookTest("update", done) | ||
| }); | ||
| it("post-receive", function(done) { | ||
| hookTest("post-receive", done) | ||
| }); | ||
| it("post-update", function(done) { | ||
| hookTest("post-update", done) | ||
| }); | ||
| it("pre-auto-gc", function(done) { | ||
| hookTest("pre-auto-gc", done) | ||
| }); | ||
| it("post-rewrite", function(done) { | ||
| hookTest("post-rewrite", done) | ||
| }); | ||
| }); | ||
| }); | ||
| describe("not work for invalid hooks", function(){ | ||
| var invalid = hooks.join(""); | ||
| it("like "+invalid, function(done){ | ||
| run("hooks add --soft --hook post-rewrite "+local_valid_module, function(err, stdout, stderr){ | ||
| if(err){ | ||
| console.log("here?"); | ||
| done(err); | ||
| } | ||
| else{ | ||
| run("hooks run "+invalid, function(err, stdout, stderr){ | ||
| stderr.should.include("is not a valid git-hook"); | ||
| done(); | ||
| }); | ||
| } | ||
| }); | ||
| }); | ||
| }); | ||
| describe("not work for invalid hooks", function() { | ||
| var invalid = hooks.join(""); | ||
| it("like " + invalid, function(done) { | ||
| run("hooks add --soft --hook post-rewrite " + local_valid_module, function(err, stdout, stderr) { | ||
| if (err) { | ||
| console.log("here?"); | ||
| done(err); | ||
| } else { | ||
| run("hooks run " + invalid, function(err, stdout, stderr) { | ||
| stderr.should.include("is not a valid git-hook"); | ||
| done(); | ||
| }); | ||
| } | ||
| }); | ||
| }); | ||
| }); | ||
| after(function(done){ | ||
| cleanUp(done); | ||
| }); | ||
| after(function(done) { | ||
| cleanUp(done); | ||
| }); | ||
| }); |
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain risk: AI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package