secure-husky-setup 1.0.12 → 1.0.13

package/bin/index.js

@@ -3,7 +3,6 @@ const { installHusky } = require('../lib/husky');
 const { installGitleaks } = require('../lib/gitleaks');
 const { installSonarScanner, setupSonarProperties } = require('../lib/sonarqube');
 const { setupPreCommitHook } = require('../lib/hooks');
-// Added by Arjun — import CI setup functions from the new lib/ci.js module
 const { setupPrePushHook, setupCIScript, setupCIWorkflow, validateProject, ensurePackageLock } = require('../lib/ci');
 const { isGitRepo } = require('../lib/git');
 const { logInfo, logError, logSuccess } = require('../lib/logger');
@@ -19,41 +18,38 @@ const command = process.argv[2];
   try {
     logInfo("Initializing secure git hooks...");
 
-    if (!await isGitRepo()) {
-      throw new Error("Not inside a git repository.");
+    const { found, gitRoot, projectRoot } = await isGitRepo();
+
+    if (!found) {
+      throw new Error("Not inside a git repository. Please run 'git init' first.");
+    }
+
+    if (gitRoot !== projectRoot) {
+      logInfo(`Git root detected at: ${gitRoot}`);
+      logInfo(`Project root (package.json): ${projectRoot}`);
+      logInfo(`Monorepo/subfolder setup detected — hooks installed at git root, config at project root.`);
     }
 
-    // ── Existing steps — pre-commit hooks (no changes made here) ─────────────
-    await installHusky();
+    // ── Pre-commit hooks ──────────────────────────────────────────────────────
+    await installHusky(gitRoot);
     await installGitleaks();
     await installSonarScanner();
     await setupSonarProperties();
-    await setupPreCommitHook();
+    await setupPreCommitHook(gitRoot);
 
     logSuccess("Secure Husky + Gitleaks + SonarQube setup completed.");
     logInfo("Next step: edit sonar-project.properties and set sonar.host.url and sonar.token.");
 
-    // Added by Arjun — pre-push hook + GitHub Actions CI workflow setup ───────
-    // Runs Newman API tests and smoke tests automatically on every git push
+    // ── Pre-push hook + GitHub Actions CI workflow ────────────────────────────
     logInfo("Setting up Newman & Smoke Test CI workflow...");
 
-    // Added by Arjun — ensure package-lock.json exists (required by npm ci in workflow)
     await ensurePackageLock();
-
-    // Added by Arjun — validate package.json has "start" and "test" scripts
     await validateProject();
-
-    // Added by Arjun — write standalone scripts/run-ci-checks.sh (all test logic lives here)
-    await setupCIScript();
-
-    // Added by Arjun — copy ci-tests.yml into .github/workflows/
+    await setupCIScript(gitRoot);
     await setupCIWorkflow();
-
-    // Added by Arjun — create .husky/pre-push hook (thin wrapper that calls run-ci-checks.sh)
-    await setupPrePushHook();
+    await setupPrePushHook(gitRoot);
 
     logSuccess("Newman + Smoke Test pre-push hook and GitHub Actions workflow setup completed.");
-    // ── End of Arjun's additions ──────────────────────────────────────────────
 
   } catch (err) {
     logError(err.message);

package/lib/ci.js

@@ -1,12 +1,5 @@
 'use strict';
 
-// ─────────────────────────────────────────────────────────────────────────────
-// Added by Arjun
-// File: lib/ci.js
-// Purpose: Sets up Newman API tests + Smoke Tests as a pre-push git hook
-//          and copies the GitHub Actions CI workflow into the project.
-// ─────────────────────────────────────────────────────────────────────────────
-
 const fs = require('fs-extra');
 const path = require('path');
 const { execSync } = require('child_process');
@@ -14,7 +7,8 @@ const { logInfo, logSuccess, logError } = require('./logger');
 
 const TEMPLATE_PATH = path.resolve(__dirname, '../templates/ci-tests.yml');
 
-exports.setupCIScript = async () => {
+exports.setupCIScript = async (gitRoot) => {
+  const projectDir = path.relative(gitRoot, process.cwd()) || '.';
   const scriptsDir = path.join(process.cwd(), 'scripts');
   const scriptPath = path.join(scriptsDir, 'run-ci-checks.sh');
 
@@ -26,14 +20,14 @@ exports.setupCIScript = async () => {
     logInfo("Creating scripts/run-ci-checks.sh...");
   }
 
-  await fs.writeFile(scriptPath, buildCIScript());
+  await fs.writeFile(scriptPath, buildCIScript(projectDir));
   await fs.chmod(scriptPath, 0o755);
   logSuccess("scripts/run-ci-checks.sh created.");
   logInfo("To move tests to pre-commit in future: add './scripts/run-ci-checks.sh' to .husky/pre-commit.");
 };
 
-exports.setupPrePushHook = async () => {
-  const huskyDir = path.join(process.cwd(), '.husky');
+exports.setupPrePushHook = async (gitRoot) => {
+  const huskyDir = path.join(gitRoot, '.husky');
   const hookPath = path.join(huskyDir, 'pre-push');
 
   if (!await fs.pathExists(huskyDir)) {
@@ -41,13 +35,15 @@ exports.setupPrePushHook = async () => {
     return;
   }
 
+  const projectDir = path.relative(gitRoot, process.cwd()) || '.';
+
   if (await fs.pathExists(hookPath)) {
     logInfo("Pre-push hook already configured. Overwriting with latest setup...");
   } else {
     logInfo("Creating new pre-push hook...");
   }
 
-  await fs.writeFile(hookPath, buildPrePushHook());
+  await fs.writeFile(hookPath, buildPrePushHook(projectDir));
   await fs.chmod(hookPath, 0o755);
   logSuccess("Pre-push hook created — calls scripts/run-ci-checks.sh.");
 };
@@ -85,12 +81,12 @@ exports.validateProject = async () => {
   const scripts = pkg.scripts || {};
 
   if (!scripts.start) {
-    logError('No "start" script in package.json — CI server boot will fail.');
+    logError('No "start" script in package.json — smoke tests will be skipped.');
     logInfo('Add:  "start": "node index.js"');
   }
 
   if (!scripts.test) {
-    logError('No "test" script in package.json — smoke tests will fail.');
+    logError('No "test" script in package.json — smoke tests will be skipped.');
     logInfo('Add:  "test": "jest"  (or your test runner)');
   }
 
@@ -117,19 +113,17 @@ exports.ensurePackageLock = async () => {
   }
 };
 
-function buildPrePushHook() {
+function buildPrePushHook(projectDir) {
+  const cdLine = projectDir !== '.' ? `cd "${projectDir}"` : '';
   return `#!/bin/sh
 
-# ---------------------------------------------------------------
 # Pre-push hook — Newman + Smoke Tests
-# Delegates all logic to scripts/run-ci-checks.sh
-# ---------------------------------------------------------------
-
+${cdLine ? cdLine + '\n' : ''}
 ./scripts/run-ci-checks.sh
 `;
 }
 
-function buildCIScript() {
+function buildCIScript(projectDir) {
   return `#!/bin/sh
 
 # ---------------------------------------------------------------
@@ -166,17 +160,17 @@ echo ""
 echo "[CI Checks] Starting checks..."
 
 # ---------------------------------------------------------------
-# Check if start script exists
+# Check if start and test scripts exist
 # ---------------------------------------------------------------
-START_SCRIPT=$(node -e "const p=require('./package.json'); console.log(p.scripts&&p.scripts.start?'yes':'no')" 2>/dev/null)
-TEST_SCRIPT=$(node -e "const p=require('./package.json'); console.log(p.scripts&&p.scripts.test?'yes':'no')" 2>/dev/null)
+START_SCRIPT=$(node -e "try{const p=require('./package.json');console.log(p.scripts&&p.scripts.start?'yes':'no')}catch(e){console.log('no')}" 2>/dev/null)
+TEST_SCRIPT=$(node -e "try{const p=require('./package.json');console.log(p.scripts&&p.scripts.test?'yes':'no')}catch(e){console.log('no')}" 2>/dev/null)
 
 if [ "$START_SCRIPT" = "no" ]; then
   echo "[Smoke Tests] No start script in package.json — skipping smoke tests."
 else
 
   # ---------------------------------------------------------------
-  # Step 1: Smoke Tests
+  # Step 1: Smoke Tests — start server + run tests
   # ---------------------------------------------------------------
   echo ""
   echo "[Smoke Tests] Starting server..."
@@ -184,10 +178,10 @@ else
   npm start &
   SERVER_PID=\$!
 
-  # Auto-detect port — tries common ports
+  # Auto-detect port — tries all common ports
   SERVER_UP=0
   for i in \$(seq 1 30); do
-    for PORT_TRY in 3000 5000 8000 8080 4000 4200 3001; do
+    for PORT_TRY in 3000 5000 8000 8080 4000 4200 3001 8081 1337 9000; do
       if curl -sf http://localhost:\$PORT_TRY > /dev/null 2>&1; then
         PORT=\$PORT_TRY
         SERVER_UP=1
@@ -221,7 +215,7 @@ else
   fi
 
   # ---------------------------------------------------------------
-  # Step 2: Newman
+  # Step 2: Newman API Tests
   # ---------------------------------------------------------------
   echo ""
   echo "[Newman] Looking for Postman collections..."
@@ -241,7 +235,7 @@ else
 
   if ! command -v newman > /dev/null 2>&1; then
     echo "[Newman] Installing newman globally..."
-    npm install -g newman newman-reporter-htmlextra
+    npm install -g newman newman-reporter-htmlextra 2>/dev/null || true
   fi
 
   mkdir -p newman-reports

package/lib/git.js

@@ -1,19 +1,20 @@
 const fs = require('fs');
 const path = require('path');
 
+// Returns { found, gitRoot, projectRoot }
+// gitRoot  = where .git folder is (where husky installs)
+// projectRoot = where package.json is (where scripts/sonar/gitleaks live)
 exports.isGitRepo = async () => {
-  // Walk up directory tree to find .git folder
-  // This handles postinstall where cwd() is inside node_modules/package-name
-  let dir = process.cwd();
+  const projectRoot = process.cwd();
+  let dir = projectRoot;
 
   while (true) {
     if (fs.existsSync(path.join(dir, '.git'))) {
-      return true;
+      return { found: true, gitRoot: dir, projectRoot };
     }
     const parent = path.dirname(dir);
-    if (parent === dir) break; // reached filesystem root
+    if (parent === dir) break;
     dir = parent;
   }
-
-  return false;
+  return { found: false, gitRoot: null, projectRoot };
 };

package/lib/hooks.js

@@ -2,8 +2,8 @@ const fs = require('fs-extra');
 const path = require('path');
 const { logInfo, logSuccess } = require('./logger');
 
-exports.setupPreCommitHook = async () => {
-  const huskyDir = path.join(process.cwd(), '.husky');
+exports.setupPreCommitHook = async (gitRoot) => {
+  const huskyDir = path.join(gitRoot, '.husky');
   const hookPath = path.join(huskyDir, 'pre-commit');
 
   if (!await fs.pathExists(huskyDir)) {
@@ -11,7 +11,11 @@ exports.setupPreCommitHook = async () => {
     return;
   }
 
-  const hookContent = buildHookScript();
+  // projectDir = where package.json, sonar-project.properties, .tools/ live
+  // This is relative path from gitRoot to project (e.g. "server" or ".")
+  const projectDir = path.relative(gitRoot, process.cwd()) || '.';
+
+  const hookContent = buildHookScript(projectDir);
 
   if (await fs.pathExists(hookPath)) {
     logInfo("Pre-commit hook already configured. Overwriting with latest setup...");
@@ -22,6 +26,7 @@ exports.setupPreCommitHook = async () => {
   await fs.writeFile(hookPath, hookContent);
   await fs.chmod(hookPath, 0o755);
 
+  // .gitleaksignore goes in the project dir, not git root
   const gitleaksIgnorePath = path.join(process.cwd(), '.gitleaksignore');
   await fs.writeFile(gitleaksIgnorePath, '.tools/\nsonar-project.properties\n');
   logInfo(".gitleaksignore created — excluding .tools/ and sonar-project.properties.");
@@ -29,9 +34,23 @@ exports.setupPreCommitHook = async () => {
   logSuccess("Pre-commit hook created with Gitleaks + SonarQube (git diff only).");
 };
 
-function buildHookScript() {
+function buildHookScript(projectDir) {
+  // If project is in a subfolder, all tool paths must be prefixed
+  const cdLine = projectDir !== '.' ? `cd "${projectDir}"` : '';
+  const gitleaksBin = projectDir !== '.'
+    ? `./${projectDir}/.tools/gitleaks/gitleaks`
+    : `./.tools/gitleaks/gitleaks`;
+  const sonarBin = projectDir !== '.'
+    ? `./${projectDir}/node_modules/.bin/sonar-scanner`
+    : `./node_modules/.bin/sonar-scanner`;
+  const sonarProps = projectDir !== '.'
+    ? `./${projectDir}/sonar-project.properties`
+    : `./sonar-project.properties`;
+
   return `#!/bin/sh
 
+# Move to project directory if in monorepo/subfolder setup
+${cdLine ? cdLine + '\n' : ''}
 STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
 
 if [ -z "$STAGED_FILES" ]; then
@@ -47,7 +66,7 @@ done
 echo ""
 echo "[Gitleaks] Scanning changed files for secrets..."
 
-GITLEAKS_BIN="./.tools/gitleaks/gitleaks"
+GITLEAKS_BIN="${gitleaksBin}"
 
 if [ ! -f "$GITLEAKS_BIN" ]; then
   echo "[Gitleaks] Binary not found. Skipping."
@@ -58,6 +77,7 @@ else
     case "$FILE" in
       sonar-project.properties) ;;
       .tools/*) ;;
+      ${projectDir !== '.' ? `${projectDir}/.tools/*) ;;` : ''}
       *)
         if [ -f "$FILE" ]; then
           DEST="$GITLEAKS_TMPDIR/$FILE"
@@ -83,15 +103,16 @@ fi
 echo ""
 echo "[SonarQube] Scanning changed files..."
 
-SONAR_BIN="./node_modules/.bin/sonar-scanner"
+SONAR_BIN="${sonarBin}"
+SONAR_PROPS="${sonarProps}"
 
 if [ ! -f "$SONAR_BIN" ]; then
   echo "[SonarQube] sonar-scanner not found. Skipping."
 else
-  if [ ! -f "sonar-project.properties" ]; then
+  if [ ! -f "$SONAR_PROPS" ]; then
     echo "[SonarQube] sonar-project.properties not found. Skipping."
   else
-    SONAR_HOST=$(grep "^sonar.host.url=" sonar-project.properties | cut -d'=' -f2 | tr -d '[:space:]')
+    SONAR_HOST=$(grep "^sonar.host.url=" "$SONAR_PROPS" | cut -d'=' -f2 | tr -d '[:space:]')
     SONAR_DOMAIN=$(echo "$SONAR_HOST" | sed 's|https://||' | sed 's|http://||' | cut -d'/' -f1 | cut -d':' -f1)
     SONAR_PORT=$(echo "$SONAR_HOST" | grep -o ':[0-9]*$' | tr -d ':')
     SONAR_PORT=\${SONAR_PORT:-9000}
@@ -99,15 +120,15 @@ else
     if ! nc -z -w3 "$SONAR_DOMAIN" "$SONAR_PORT" 2>/dev/null; then
       echo "[SonarQube] Server unreachable — skipping analysis."
     else
-      SONAR_INCLUSIONS=$(echo "$STAGED_FILES" | tr '\n' ',' | sed 's/,$//')
+      SONAR_INCLUSIONS=$(echo "$STAGED_FILES" | tr '\\n' ',' | sed 's/,$//')
       echo "[SonarQube] Scanning: $SONAR_INCLUSIONS"
 
-      $SONAR_BIN -Dsonar.inclusions="$SONAR_INCLUSIONS" -Dsonar.qualitygate.wait=true
+      $SONAR_BIN -Dproject.settings="$SONAR_PROPS" -Dsonar.inclusions="$SONAR_INCLUSIONS" -Dsonar.qualitygate.wait=true
       SONAR_EXIT=$?
 
       if [ $SONAR_EXIT -ne 0 ]; then
         echo "[SonarQube] Quality Gate FAILED. Commit blocked."
-        echo "[SonarQube] Fix issues at: $SONAR_HOST/dashboard?id=$(grep 'sonar.projectKey' sonar-project.properties | cut -d'=' -f2)"
+        echo "[SonarQube] Fix issues at: $SONAR_HOST"
         exit 1
       fi
 

package/lib/husky.js

@@ -1,12 +1,17 @@
-const { fileExists, readJSON, writeJSON } = require('./utils');
+const { readJSON, writeJSON } = require('./utils');
 const { installDevDependency } = require('./packageManager');
 const execa = require('execa');
 const path = require('path');
 const fs = require('fs-extra');
-const { logInfo, logSuccess } = require('./logger');
+const { logInfo, logSuccess, logError } = require('./logger');
 
-exports.installHusky = async () => {
+exports.installHusky = async (gitRoot) => {
   const pkgPath = path.join(process.cwd(), 'package.json');
+
+  if (!await fs.pathExists(pkgPath)) {
+    throw new Error(`No package.json found in ${process.cwd()}. Please run from your project root.`);
+  }
+
   const pkg = await readJSON(pkgPath);
 
   if (!pkg.devDependencies || !pkg.devDependencies.husky) {
@@ -15,13 +20,23 @@ exports.installHusky = async () => {
   }
 
   logInfo("Initializing Husky...");
-  await execa('npx', ['husky', 'install'], { stdio: 'inherit' });
 
-  if (!pkg.scripts) pkg.scripts = {};
+  // Always run husky install from the git root — this is where .husky/ is created
+  await execa('npx', ['husky', 'install'], { stdio: 'inherit', cwd: gitRoot });
 
+  // Add prepare script to the project's package.json
+  // If project is a subfolder, prepare script needs to reference path to git root
+  if (!pkg.scripts) pkg.scripts = {};
   if (!pkg.scripts.prepare) {
-    pkg.scripts.prepare = "husky install";
+    const isSubfolder = gitRoot !== process.cwd();
+    if (isSubfolder) {
+      // Calculate relative path from project root to git root for husky install
+      const relPath = path.relative(process.cwd(), gitRoot);
+      pkg.scripts.prepare = `cd ${relPath} && husky install ${path.relative(gitRoot, process.cwd())}/.husky || true`;
+    } else {
+      pkg.scripts.prepare = "husky install";
+    }
     await writeJSON(pkgPath, pkg);
     logSuccess("Added prepare script.");
   }
-};
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "secure-husky-setup",
-  "version": "1.0.12",
+  "version": "1.0.13",
   "description": "Automatic Husky + Gitleaks setup for any JS project",
   "main": "bin/index.js",
   "bin": {