Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
pre-commit
Advanced tools
The pre-commit npm package allows you to easily manage and run scripts before committing code to a repository. It helps enforce code quality and consistency by running tasks such as linting, testing, and formatting before the commit is finalized.
Running Linting Scripts
This feature allows you to run linting scripts before committing code. The provided code sample configures the pre-commit hook to run ESLint on all files in the repository.
{
"scripts": {
"precommit": "eslint ."
}
}
Running Tests
This feature allows you to run tests before committing code. The provided code sample configures the pre-commit hook to run the tests defined in the npm test script.
{
"scripts": {
"precommit": "npm test"
}
}
Running Multiple Scripts
This feature allows you to run multiple scripts before committing code. The provided code sample configures the pre-commit hook to run both linting and testing scripts sequentially.
{
"scripts": {
"precommit": "npm run lint && npm test"
}
}
Husky is a popular package for managing Git hooks, including pre-commit hooks. It offers more flexibility and features compared to pre-commit, such as support for all Git hooks, easy integration with other tools, and better configuration options.
Lint-staged is a package that works well with pre-commit hooks to run linters on staged files. It is often used in conjunction with Husky to ensure that only the files that are staged for commit are linted, which can improve performance and efficiency.
pre-commit is a pre-commit hook installer for git
. It will ensure that
your npm test
(or other specified scripts) passes before you can commit your
changes. This all conveniently configured in your package.json
.
But don't worry, you can still force a commit by telling git
to skip the
pre-commit
hooks by simply committing using --no-verify
.
It's advised to install the pre-commit module as a devDependencies
in your
package.json
as you only need this for development purposes. To install the
module simply run:
npm install --save-dev pre-commit
To install it as devDependency
. When this module is installed it will override
the existing pre-commit
file in your .git/hooks
folder. Existing
pre-commit
hooks will be backed up as pre-commit.old
in the same repository.
pre-commit
will try to run your npm test
command in the root of the git
repository by default unless it's the default value that is set by the npm init
script.
But pre-commit
is not limited to just running your npm test
's during the
commit hook. It's also capable of running every other script that you've
specified in your package.json
"scripts" field. So before people commit you
could ensure that:
The only thing you need to do is add a pre-commit
array to your package.json
that specifies which scripts you want to have ran and in which order:
{
"name": "437464d0899504fb6b7b",
"version": "0.0.0",
"description": "ERROR: No README.md file found!",
"main": "index.js",
"scripts": {
"test": "echo \"Error: I SHOULD FAIL LOLOLOLOLOL \" && exit 1",
"foo": "echo \"fooo\" && exit 0",
"bar": "echo \"bar\" && exit 0"
},
"pre-commit": [
"foo",
"bar",
"test"
]
}
In the example above, it will first run: npm run foo
then npm run bar
and
finally npm run test
which will make the commit fail as it returns the error
code 1
. If you prefer strings over arrays or precommit
without a middle
dash, that also works:
{
"precommit": "foo, bar, test"
"pre-commit": "foo, bar, test"
"pre-commit": ["foo", "bar", "test"]
"precommit": ["foo", "bar", "test"],
"precommit": {
"run": "foo, bar, test",
},
"pre-commit": {
"run": ["foo", "bar", "test"],
},
"precommit": {
"run": ["foo", "bar", "test"],
},
"pre-commit": {
"run": "foo, bar, test",
}
}
The examples above are all the same. In addition to configuring which scripts should be ran you can also configure the following options:
pre-commit:
messages when things fail
or when we have nothing to run. Should be a boolean.These options can either be added in the pre-commit
/precommit
object as keys
or as "pre-commit.{key}
key properties in the package.json
:
{
"precommit.silent": true,
"pre-commit": {
"silent": true
}
}
It's all the same. Different styles so use what matches your project. To learn
more about the scripts, please read the official npm
documentation:
https://npmjs.org/doc/scripts.html
And to learn more about git hooks read:
MIT
FAQs
Automatically install pre-commit hooks for your npm modules.
The npm package pre-commit receives a total of 239,595 weekly downloads. As such, pre-commit popularity was classified as popular.
We found that pre-commit demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.