From 8f9419f0896151d3c0c9c926a7e23962457a6b6a Mon Sep 17 00:00:00 2001 From: raj pandey Date: Thu, 17 Apr 2025 14:09:23 +0530 Subject: [PATCH 1/3] Test Commit --- .husky/commit-msg | 6 ++-- .husky/pre-commit | 70 ++++++++++++++++++++++++++++++++++++++++++++--- .talismanrc | 6 ++-- package-lock.json | 20 +++++++------- package.json | 6 ++-- 5 files changed, 86 insertions(+), 22 deletions(-) diff --git a/.husky/commit-msg b/.husky/commit-msg index 80416c7..1bd9242 100755 --- a/.husky/commit-msg +++ b/.husky/commit-msg @@ -1,4 +1,4 @@ -#!/usr/bin/env sh -. "$(dirname -- "$0")/_/husky.sh" +# #!/usr/bin/env sh +# . "$(dirname -- "$0")/_/husky.sh" -npx --no-install commitlint --edit "$1" +# npx --no-install commitlint --edit "$1" diff --git a/.husky/pre-commit b/.husky/pre-commit index 9b08247..4f1fbbc 100755 --- a/.husky/pre-commit +++ b/.husky/pre-commit 
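Review bot: Commenting out every line of `.husky/commit-msg`, shebang included, leaves a hook that does nothing, so commitlint no longer checks commit messages. If the aim was the husky 9 migration (this patch also bumps husky to `^9.1.7`), only the shebang and the `. "$(dirname -- "$0")/_/husky.sh"` line need to go, as far as I know; `npx --no-install commitlint --edit "$1"` can stay as the file's only line. If commitlint is being dropped on purpose, delete the file and say so in the commit message rather than keeping commented-out code.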
@@ -1,7 +1,69 @@ #!/usr/bin/env sh -. "$(dirname -- "$0")/_/husky.sh" +# Pre-commit hook to run Snyk and Talisman scans, completing both before deciding to commit -# CMD="${TALISMAN_HOME}/talisman_hook_script $DEBUG_OPTS --githook pre-commit" -# ${CMD} +# Function to check if a command exists +command_exists() { + command -v "$1" >/dev/null 2>&1 +} -# npm run test +# Check if Snyk is installed +if ! command_exists snyk; then + echo "Error: Snyk is not installed. Please install it and try again." + exit 1 +fi + +# Check if Talisman is installed +if ! command_exists talisman; then + echo "Error: Talisman is not installed. Please install it and try again." + exit 1 +fi + +# Allow bypassing the hook with an environment variable +if [ "$SKIP_HOOK" = "1" ]; then + echo "Skipping Snyk and Talisman scans (SKIP_HOOK=1)." + exit 0 +fi + +# Initialize variables to track scan results +snyk_failed=false +talisman_failed=false + +# Run Snyk vulnerability scan +echo "Running Snyk vulnerability scan..." +snyk test --all-projects > snyk_output.log 2>&1 +snyk_exit_code=$? + +if [ $snyk_exit_code -eq 0 ]; then + echo "Snyk scan passed: No vulnerabilities found." +elif [ $snyk_exit_code -eq 1 ]; then + echo "Snyk found vulnerabilities. See snyk_output.log for details." + snyk_failed=true +else + echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details." + snyk_failed=true +fi + +# Run Talisman secret scan (continues even if Snyk failed) +echo "Running Talisman secret scan..." +talisman --githook pre-commit > talisman_output.log 2>&1 +talisman_exit_code=$? + +if [ $talisman_exit_code -eq 0 ]; then + echo "Talisman scan passed: No secrets found." +else + echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details." + talisman_failed=true +fi + +# Evaluate results after both scans +if [ "$snyk_failed" = true ] || [ "$talisman_failed" = true ]; then + echo "Commit aborted due to issues found in one or both scans." 
+ [ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log" + [ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log" + exit 1 +fi + +# If both scans pass, allow the commit +echo "All scans passed. Proceeding with commit.cd ." +rm -f snyk_output.log talisman_output.log +exit 0 \ No newline at end of file diff --git a/.talismanrc b/.talismanrc index 06ea795..4cba77b 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,6 @@ fileignoreconfig: -- filename: package-lock.json - checksum: ebafc1a55b01b2259dacb35e2c286ad88c811974c6955d379be3205abbf1c7ff + - filename: package-lock.json + checksum: 35d938d5db5403928d0821c7a8ead7b26ec26465b85223829a8a2c13e089a1c3 + - filename: .husky/pre-commit + checksum: 5baabd7d2c391648163f9371f0e5e9484f8fb90fa2284cfc378732ec3192c193 version: "" \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index be01418..7ea7b95 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "1.2.0", "license": "MIT", "dependencies": { - "axios": "^1.7.9", + "axios": "^1.8.4", "axios-mock-adapter": "^2.1.0", "lodash": "^4.17.21", "qs": "^6.14.0", @@ -41,7 +41,7 @@ "eslint-plugin-react": "^7.37.4", "eslint-plugin-react-hooks": "^4.6.2", "eslint-plugin-spellcheck": "^0.0.20", - "husky": "^8.0.3", + "husky": "^9.1.7", "jest": "28.1.3", "jest-environment-jsdom": "28.1.3", "jest-html-reporters": "^3.1.7", @@ -3219,9 +3219,9 @@ } }, "node_modules/axios": { - "version": "1.7.9", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz", - "integrity": "sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==", + "version": "1.8.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.8.4.tgz", + "integrity": "sha512-eBSYY4Y68NNlHbHBMdeDmKNtDgXWhQsJcGqzO3iLUM0GraQFSS9cVgPX5I9b3lbdFKyYoAEGAZF1DwhTaljNAw==", "license": "MIT", "dependencies": { "follow-redirects": "^1.15.6", 
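Review bot: Both scans write `snyk_output.log` and `talisman_output.log` into the working tree, and the final `rm -f` runs only on the success path, so after a failed scan the reports stay in the repository root where a later `git add .` can stage them. Writing them under the git directory avoids that, e.g. `snyk test --all-projects > "$(git rev-parse --git-dir)/snyk_output.log" 2>&1` and the same for Talisman, with the messages and the `rm -f` updated to match; whether `.gitignore` already covers the two names is not visible in this patch. The `SKIP_HOOK` test sits after the two `command_exists` checks, so a contributor without Snyk or Talisman installed cannot use the bypass; moving it above them makes it work as described. Because the hook can be skipped with `SKIP_HOOK=1`, it should be backed by the same scans in CI. The last `echo` also ends in a stray `cd .`.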
@@ -6843,16 +6843,16 @@ } }, "node_modules/husky": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/husky/-/husky-8.0.3.tgz", - "integrity": "sha512-+dQSyqPh4x1hlO1swXBiNb2HzTDN1I2IGLQx1GrBuiqFJfoMrnZWwVmatvSiO+Iz8fBUnf+lekwNo4c2LlXItg==", + "version": "9.1.7", + "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.7.tgz", + "integrity": "sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==", "dev": true, "license": "MIT", "bin": { - "husky": "lib/bin.js" + "husky": "bin.js" }, "engines": { - "node": ">=14" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/typicode" diff --git a/package.json b/package.json index 43dfd73..c8c12a9 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,7 @@ "types": "./dist/cjs/src/index.d.ts", "license": "MIT", "scripts": { - "prepare": "npm run build", + "prepare": "husky && chmod +x .husky/pre-commit && npm run build", "bootstrap": "npm i --package-lock-only --omit=dev", "lint": "eslint . -c .eslintrc.js", "test": "jest ./test", @@ -19,7 +19,7 @@ "build:types": "node tools/cleanup types && tsc -p config/tsconfig.types.json" }, "dependencies": { - "axios": "^1.7.9", + "axios": "^1.8.4", "axios-mock-adapter": "^2.1.0", "lodash": "^4.17.21", "qs": "^6.14.0", @@ -62,7 +62,7 @@ "eslint-plugin-react": "^7.37.4", "eslint-plugin-react-hooks": "^4.6.2", "eslint-plugin-spellcheck": "^0.0.20", - "husky": "^8.0.3", + "husky": "^9.1.7", "jest": "28.1.3", "jest-environment-jsdom": "28.1.3", "jest-html-reporters": "^3.1.7", From 97b32a7685b53c94cd1eac123c69e8cff1c3c785 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Thu, 17 Apr 2025 14:14:07 +0530 Subject: [PATCH 2/3] Update policy-scan.yml --- .github/workflows/policy-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml index 13bd362..7d635fc 100644 --- a/.github/workflows/policy-scan.yml 
+++ b/.github/workflows/policy-scan.yml @@ -24,4 +24,4 @@ jobs: - uses: actions/checkout@master - name: Checks for License file run: | - if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file + if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" || -f "LICENSE.txt" ]]; then exit 1; fi From d8c7e109d3b684bb5d58c4d63942eb3e5e4af996 Mon Sep 17 00:00:00 2001 From: raj pandey Date: Thu, 17 Apr 2025 17:02:17 +0530 Subject: [PATCH 3/3] Updated script --- package.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index c8c12a9..fa200e6 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,7 @@ "types": "./dist/cjs/src/index.d.ts", "license": "MIT", "scripts": { - "prepare": "husky && chmod +x .husky/pre-commit && npm run build", + "prepare": "npm run build", "bootstrap": "npm i --package-lock-only --omit=dev", "lint": "eslint . -c .eslintrc.js", "test": "jest ./test", @@ -16,7 +16,8 @@ "build:cjs": "node tools/cleanup cjs && tsc -p config/tsconfig.cjs.json", "build:esm": "node tools/cleanup esm && tsc -p config/tsconfig.esm.json", "build:umd": "node tools/cleanup umd && webpack --config config/webpack.config.js", - "build:types": "node tools/cleanup types && tsc -p config/tsconfig.types.json" + "build:types": "node tools/cleanup types && tsc -p config/tsconfig.types.json", + "husky-check": "npm run build && husky && chmod +x .husky/pre-commit" }, "dependencies": { "axios": "^1.8.4",
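Review bot: The checkout step on the context line, `uses: actions/checkout@master`, follows a mutable branch, so the workflow runs whatever that branch points to at run time. Pin it to a release tag or, better, a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # <release tag>`. The line is untouched by this patch, and the job's remaining steps and permissions are outside the hunk.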
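Review bot: Nothing runs the new `husky-check` script automatically: it is not an npm lifecycle script, and this patch takes `husky` back out of `prepare`, so the hooks under `.husky/` are installed only where someone runs `npm run husky-check` by hand. That makes the Snyk and Talisman pre-commit gate opt-in per clone; if it is meant to be a control, run the same scans in CI and document the setup step. The script also starts with `npm run build`, which hook installation does not need, and `chmod +x` will not work in a plain Windows shell. Since the first patch's `index` line shows `.husky/pre-commit` at mode 100755, `"husky-check": "husky"` should be enough.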