diff --git a/.gitignore b/.gitignore
index 4fb05c6..0af90ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,7 @@
 example/*
 jest.config.js
 .jsbeautifyrc
-dist/
\ No newline at end of file
+dist/
+
+talisman_output.log
+snyk_output.log
\ No newline at end of file
diff --git a/.husky/pre-commit b/.husky/pre-commit
new file mode 100755
index 0000000..825b860
--- /dev/null
+++ b/.husky/pre-commit
@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+# Pre-commit hook to run Talisman and Snyk scans, completing both before deciding to commit
+
+# Function to check if a command exists
+command_exists() {
+ command -v "$1" >/dev/null 2>&1
+}
+
+# Check if Talisman is installed
+if ! command_exists talisman; then
+ echo "Error: Talisman is not installed. Please install it and try again."
+ exit 1
+fi
+
+# Check if Snyk is installed
+if ! command_exists snyk; then
+ echo "Error: Snyk is not installed. Please install it and try again."
+ exit 1
+fi
+
+# Allow bypassing the hook with an environment variable
+if [ "$SKIP_HOOK" = "1" ]; then
+ echo "Skipping Talisman and Snyk scans (SKIP_HOOK=1)."
+ exit 0
+fi
+
+# Initialize variables to track scan results
+talisman_failed=false
+snyk_failed=false
+
+# Run Talisman secret scan
+echo "Running Talisman secret scan..."
+talisman --githook pre-commit > talisman_output.log 2>&1
+talisman_exit_code=$?
+
+if [ $talisman_exit_code -eq 0 ]; then
+ echo "Talisman scan passed: No secrets found."
+else
+ echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details."
+ talisman_failed=true
+fi
+
+# Run Snyk vulnerability scan (continues even if Talisman failed)
+echo "Running Snyk vulnerability scan..."
+snyk test --all-projects --fail-on=all > snyk_output.log 2>&1
+snyk_exit_code=$?
+
+if [ $snyk_exit_code -eq 0 ]; then
+ echo "Snyk scan passed: No vulnerabilities found."
+elif [ $snyk_exit_code -eq 1 ]; then
+ echo "Snyk found vulnerabilities. See snyk_output.log for details."
+ snyk_failed=true
+else
+ echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details."
+ snyk_failed=true
+fi
+
+# Evaluate results after both scans
+if [ "$talisman_failed" = true ] || [ "$snyk_failed" = true ]; then
+ echo "Commit aborted due to issues found in one or both scans."
+ [ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log" + [ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log" + exit 1 +fi + +# If both scans pass, allow the commit +echo "All scans passed. Proceeding with commit." +rm -f talisman_output.log snyk_output.log +exit 0 \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index af4712e..bd8b1e1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -18,6 +18,7 @@ "@types/jest": "23.3.14", "@types/lodash": "4.17.14", "@types/node": "10.17.60", + "husky": "^9.1.7", "jest": "^29.7.0", "jest-config": "^29.7.0", "node-notifier": "^10.0.1", @@ -2186,6 +2187,22 @@ "node": ">=10.17.0" } }, + "node_modules/husky": { + "version": "9.1.7", + "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.7.tgz", + "integrity": "sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==", + "dev": true, + "license": "MIT", + "bin": { + "husky": "bin.js" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/typicode" + } + }, "node_modules/import-local": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.2.0.tgz", diff --git a/package.json b/package.json index 71f22d5..42fd3bb 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,7 @@ "@types/jest": "23.3.14", "@types/lodash": "4.17.14", "@types/node": "10.17.60", + "husky": "^9.1.7", "jest": "^29.7.0", "jest-config": "^29.7.0", "node-notifier": "^10.0.1", @@ -29,7 +30,8 @@ "compile": "tsc -b tsconfig.json", "pretest": "npm run clean && npm run compile", "tslint": "npx tslint -c tslint.json 'src/**/*.ts'", - "test": "jest --detectOpenHandles --verbose --colors" + "test": "jest --detectOpenHandles --verbose --colors", + "pre-commit": "husky install && husky && chmod +x .husky/pre-commit" }, "engines": { "node": ">=8"