Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
pre-commit
Advanced tools
Readme
pre-commit is a pre-commit hook installer for git
. It will ensure that
your npm test
(or other specified scripts) passes before you can commit your
changes. This all conveniently configured in your package.json
.
But don't worry, you can still force a commit by telling git
to skip the
pre-commit
hooks by simply committing using --no-verify
.
It's advised to install the pre-commit module as a devDependencies
in your
package.json
as you only need this for development purposes. To install the
module simply run:
npm install --save-dev pre-commit
To install it as devDependency
. When this module is installed it will override
the existing pre-commit
file in your .git/hooks
folder. Existing
pre-commit
hooks will be backed up as pre-commit.old
in the same repository.
pre-commit
will try to run your npm test
command in the root of the git
repository by default unless it's the default value that is set by the npm init
script.
But pre-commit
is not limited to just running your npm test
's during the
commit hook. It's also capable of running every other script that you've
specified in your package.json
"scripts" field. So before people commit you
could ensure that:
The only thing you need to do is add a pre-commit
array to your package.json
that specifies which scripts you want to have ran and in which order:
{
"name": "437464d0899504fb6b7b",
"version": "0.0.0",
"description": "ERROR: No README.md file found!",
"main": "index.js",
"scripts": {
"test": "echo \"Error: I SHOULD FAIL LOLOLOLOLOL \" && exit 1",
"foo": "echo \"fooo\" && exit 0",
"bar": "echo \"bar\" && exit 0"
},
"pre-commit": [
"foo",
"bar",
"test"
]
}
In the example above, it will first run: npm run foo
then npm run bar
and
finally npm run test
which will make the commit fail as it returns the error
code 1
. If you prefer strings over arrays or precommit
without a middle
dash, that also works:
{
"precommit": "foo, bar, test"
"pre-commit": "foo, bar, test"
"pre-commit": ["foo", "bar", "test"]
"precommit": ["foo", "bar", "test"],
"precommit": {
"run": "foo, bar, test",
},
"pre-commit": {
"run": ["foo", "bar", "test"],
},
"precommit": {
"run": ["foo", "bar", "test"],
},
"pre-commit": {
"run": "foo, bar, test",
}
}
The examples above are all the same. In addition to configuring which scripts should be ran you can also configure the following options:
pre-commit:
messages when things fail
or when we have nothing to run. Should be a boolean.These options can either be added in the pre-commit
/precommit
object as keys
or as "pre-commit.{key}
key properties in the package.json
:
{
"precommit.silent": true,
"pre-commit": {
"silent": true
}
}
It's all the same. Different styles so use what matches your project. To learn
more about the scripts, please read the official npm
documentation:
https://npmjs.org/doc/scripts.html
And to learn more about git hooks read:
MIT
FAQs
Automatically install pre-commit hooks for your npm modules.
The npm package pre-commit receives a total of 322,946 weekly downloads. As such, pre-commit popularity was classified as popular.
We found that pre-commit demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.