@archpublicwebsite/eslint-config 1.0.18 → 1.0.19
- package/eslint.config.mjs +92 -7
- package/package.json +1 -1
- package/tools/git-hooks/pre-push.mjs +235 -0
- package/tools/git-hooks/verify-commit-message.mjs +37 -18
- package/tools/security/patterns.mjs +187 -0
- package/tools/security/risks.mjs +259 -0
- package/tools/security/scan.mjs +44 -245
- package/tools/security/scanner.mjs +233 -0
- package/tools/setup/install.mjs +13 -1
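--- a/package/tools/setup/install.mjs
+++ b/package/tools/setup/install.mjs
@@ -168,6 +168,16 @@ set -euo pipefail
 
 cd "$(git rev-parse --show-toplevel)"
 node node_modules/@archpublicwebsite/eslint-config/tools/git-hooks/post-commit.mjs
+`,
+// pre-push: full-branch security gate — blocks pushing critical/high findings
+// and runs pnpm audit for known CVEs. Stricter than pre-commit.
+// Bypass (emergencies): SKIP_SECURITY_SCAN=1 git push
+'pre-push': `#!/usr/bin/env bash
+set -euo pipefail
+
+cd "$(git rev-parse --show-toplevel)"
+# Pass git push stdin (remote refs) to the scanner for range-aware scanning
+node node_modules/@archpublicwebsite/eslint-config/tools/git-hooks/pre-push.mjs
 `,
 }
 
@@ -180,7 +190,7 @@ node node_modules/@archpublicwebsite/eslint-config/tools/git-hooks/post-commit.m
 }
 })
 if (created)
-log('Created .hooks/ (pre-commit, prepare-commit-msg, commit-msg, post-commit)')
+log('Created .hooks/ (pre-commit, prepare-commit-msg, commit-msg, post-commit, pre-push)')
 }
 
 function ensureHooksPath(projectRoot) {
@@ -238,8 +248,10 @@ function ensurePackageScripts(projectRoot) {
 const scripts = pkg.scripts && typeof pkg.scripts === 'object' ? pkg.scripts : {}
 const desiredScripts = {
 precommit: 'node node_modules/@archpublicwebsite/eslint-config/tools/git-hooks/pre-commit.mjs',
+prepush: 'node node_modules/@archpublicwebsite/eslint-config/tools/git-hooks/pre-push.mjs',
 'security:global-scan': 'bash ./node_modules/@archpublicwebsite/eslint-config/tools/security/scan-global.sh',
 'security:safe-check': 'bash ./node_modules/@archpublicwebsite/eslint-config/tools/security/safe-reinstall.sh --check-only',
+'security:pre-push': 'node node_modules/@archpublicwebsite/eslint-config/tools/git-hooks/pre-push.mjs',
 }
 
 let updated = false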
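Review bot: The comment above the new `'pre-push'` entry calls the hook a security gate that blocks critical/high findings, but a hook written into `.hooks/` runs only on the developer's machine. It is skipped by the documented `SKIP_SECURITY_SCAN=1` and equally by `git push --no-verify`, so it cannot serve as the enforcement point. I would state that in the comment, for example `// Local, advisory check only: also skipped by git push --no-verify; the same scan must run in CI.` How pre-push.mjs reacts to `SKIP_SECURITY_SCAN` is not visible in this section; if it exits silently, printing a warning on bypass would at least make skipped scans visible. Separately, under `set -euo pipefail` the hook aborts the push with a bare Node module-not-found error when `node_modules` is not installed, so an explicit existence check with a clear message before the `node …/pre-push.mjs` line would keep the fail-closed behaviour while telling the developer what to do.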