1+ #! /usr/bin/env sh
2+ # Pre-commit hook to run lint, Snyk and Talisman scans, completing all before deciding to commit
3+
4+ # Function to check if a command exists
5+ command_exists () {
6+ command -v " $1 " > /dev/null 2>&1
7+ }
8+
9+ # Allow bypassing the hook with an environment variable
10+ if [ " $SKIP_HOOK " = " 1" ]; then
11+ echo " Skipping lint, Snyk and Talisman scans (SKIP_HOOK=1)."
12+ exit 0
13+ fi
14+
15+ # Run ESLint check first
16+ echo " Running ESLint check..."
17+ npm run lint
18+ lint_exit_code=$?
19+
20+ if [ $lint_exit_code -ne 0 ]; then
21+ echo " ESLint check failed. Please fix the linting issues and try again."
22+ echo " You can run 'npm run format' to auto-fix most issues."
23+ exit 1
24+ fi
25+
26+ echo " ESLint check passed."
27+
28+ # Check if Snyk is installed
29+ if ! command_exists snyk; then
30+ echo " Error: Snyk is not installed. Please install it and try again."
31+ exit 1
32+ fi
33+
34+ # Check if Talisman is installed
35+ if ! command_exists talisman; then
36+ echo " Error: Talisman is not installed. Please install it and try again."
37+ exit 1
38+ fi
39+
40+ # Initialize variables to track scan results
41+ snyk_failed=false
42+ talisman_failed=false
43+
44+ # Run Snyk vulnerability scan
45+ echo " Running Snyk vulnerability scan..."
46+ snyk test --all-projects > snyk_output.log 2>&1
47+ snyk_exit_code=$?
48+
49+ if [ $snyk_exit_code -eq 0 ]; then
50+ echo " Snyk scan passed: No vulnerabilities found."
51+ elif [ $snyk_exit_code -eq 1 ]; then
52+ echo " Snyk found vulnerabilities. See snyk_output.log for details."
53+ snyk_failed=true
54+ else
55+ echo " Snyk scan failed with error (exit code $snyk_exit_code ). See snyk_output.log for details."
56+ snyk_failed=true
57+ fi
58+
59+ # Run Talisman secret scan (continues even if Snyk failed)
60+ echo " Running Talisman secret scan..."
61+ talisman --githook pre-commit > talisman_output.log 2>&1
62+ talisman_exit_code=$?
63+
64+ if [ $talisman_exit_code -eq 0 ]; then
65+ echo " Talisman scan passed: No secrets found."
66+ else
67+ echo " Talisman scan failed (exit code $talisman_exit_code ). See talisman_output.log for details."
68+ talisman_failed=true
69+ fi
70+
71+ # Evaluate results after both scans
72+ if [ " $snyk_failed " = true ] || [ " $talisman_failed " = true ]; then
73+ echo " Commit aborted due to issues found in one or both scans."
74+ [ " $snyk_failed " = true ] && echo " - Snyk issues: Check snyk_output.log"
75+ [ " $talisman_failed " = true ] && echo " - Talisman issues: Check talisman_output.log"
76+ exit 1
77+ fi
78+
79+ # If all checks pass, allow the commit
80+ echo " All checks passed (ESLint, Snyk, Talisman). Proceeding with commit."
81+ rm -f snyk_output.log talisman_output.log
82+ exit 0
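Review bot: The scan logs `snyk_output.log` and `talisman_output.log` are written into the working tree and removed only on the all-pass path at the end of the script. After a failed Talisman run, a report that may quote the flagged content is left beside the sources, where a later `git add .` can stage it unless those names are ignored (no ignore rule is visible on this page). Writing the logs under the Git directory avoids this, e.g. `log_dir=$(git rev-parse --git-dir)` and then `talisman --githook pre-commit > "$log_dir/talisman_output.log" 2>&1`, with the Snyk redirect and the "See ... for details" messages updated to match. Separately, the `SKIP_HOOK=1` branch and `git commit --no-verify` both skip every check, so the header comment should say that this hook is advisory and that the same Snyk and Talisman scans also need to run in CI or a server-side hook.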