npmpackage.info

@evilmartians/lefthook

Fast and powerful Git hooks manager for any type of projects.

1.8.4

5,038

MIT

Installations

npm install @evilmartians/lefthook

Pull Requests

Open

5

Total

438

Closed

33

Merged

400

Issues

Open

54

Total

349

Closed

295

Releases

145

v1.8.4

Published on 18 Nov 2024

v1.8.3

Published on 18 Nov 2024

v1.8.2

Published on 29 Oct 2024

v1.8.1

Published on 23 Oct 2024

v1.8.0

Published on 22 Oct 2024

v1.7.22

Published on 18 Oct 2024

View all 145 releases

Developer

evilmartians

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

No

Node Version

18.20.5

NPM Version

10.8.2 Statistics

5,038 Stars

840 Commits

218 Forks

26 Watching

4 Branches

135 Contributors

Updated on 28 Nov 2024

Languages

Go (91.37%)

Ruby (3.98%)

JavaScript (2.06%)

Shell (1.25%)

Python (0.85%)

Makefile (0.49%)

Total Downloads

Cumulative downloads

Total Downloads

3,359,835

Last day

18.8%

9,651

Compared to previous day

Last week

10.2%

49,509

Compared to previous week

Last month

-0.4%

195,826

Compared to previous month

Last year

115.5%

2,100,959

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

No dependencies detected.

Versions

Lefthook

The fastest polyglot Git hooks manager out there

Lefthook logo

A Git hooks manager for Node.js, Ruby, Python and many other types of projects.

Fast. It is written in Go. Can run commands in parallel.
Powerful. It allows to control execution and files you pass to your commands.
Simple. It is single dependency-free binary which can work in any environment.

📖 Read the introduction post

Install

With Go (>= 1.23):

1go install github.com/evilmartians/lefthook@latest

With NPM:

1npm install lefthook --save-dev

For Ruby:

1gem install lefthook

For Python:

1pip install lefthook

Installation guide with more ways to install lefthook: apt, brew, winget, and others.

Usage

Configure your hooks, install them once and forget about it: rely on the magic underneath.

TL;DR

1# Configure your hooks
2vim lefthook.yml
3
4# Install them to the git project
5lefthook install
6
7# Enjoy your work with git
8git add -A && git commit -m '...'

More details

Configuration for lefthook.yml config options.
Usage for lefthook CLI options, supported ENVs, and usage tips.
Discussions for questions, ideas, suggestions.

Why Lefthook

Parallel execution

Gives you more speed. Example

1pre-push:
2  parallel: true

Flexible list of files

If you want your own list. Custom and prebuilt examples.

1pre-commit:
2  commands:
3    frontend-linter:
4      run: yarn eslint {staged_files}
5    backend-linter:
6      run: bundle exec rubocop --force-exclusion {all_files}
7    frontend-style:
8      files: git diff --name-only HEAD @{push}
9      run: yarn stylelint {files}

Glob and regexp filters

If you want to filter list of files. You could find more glob pattern examples here.

1pre-commit:
2  commands:
3    backend-linter:
4      glob: "*.rb" # glob filter
5      exclude: '(^|/)(application|routes)\.rb$' # regexp filter
6      run: bundle exec rubocop --force-exclusion {all_files}

Execute in sub-directory

If you want to execute the commands in a relative path

1pre-commit:
2  commands:
3    backend-linter:
4      root: "api/" # Careful to have only trailing slash
5      glob: "*.rb" # glob filter
6      run: bundle exec rubocop {all_files}

Run scripts

If oneline commands are not enough, you can execute files. Example.

1commit-msg:
2  scripts:
3    "template_checker":
4      runner: bash

Tags

If you want to control a group of commands. Example.

1pre-push:
2  commands:
3    packages-audit:
4      tags: frontend security
5      run: yarn audit
6    gems-audit:
7      tags: backend security
8      run: bundle audit

Support Docker

If you are in the Docker environment. Example.

1pre-commit:
2  scripts:
3    "good_job.js":
4      runner: docker run -it --rm <container_id_or_name> {cmd}

Local config

If you a frontend/backend developer and want to skip unnecessary commands or override something into Docker. Description.

1# lefthook-local.yml
2pre-push:
3  exclude_tags:
4    - frontend
5  commands:
6    packages-audit:
7      skip: true

Direct control

If you want to run hooks group directly.

1$ lefthook run pre-commit

Your own tasks

If you want to run specific group of commands directly.

1fixer:
2  commands:
3    ruby-fixer:
4      run: bundle exec rubocop --force-exclusion --safe-auto-correct {staged_files}
5    js-fixer:
6      run: yarn eslint --fix {staged_files}

1$ lefthook run fixer

Optional output

If you don't want to see supporting information:

1skip_output:
2  - meta #(version and which hook running)
3  - success #(output from runners with exit code 0)

Guides

Examples

Articles

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

SAST

Determines if the project uses static code analysis.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/lint.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/evilmartians/lefthook/test.yml/master?enable=pin
Warn: pipCommand not pinned by hash: .github/workflows/release.yml:126
Info: 0 out of 23 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 10 third-party GitHubAction dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 1 out of 1 goCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

Score

5.5

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@evilmartians/lefthook

Installations

Pull Requests

5

438

33

400

Issues

54

349

295

Releases

Developer

evilmartians

Developer Guide

CommonJS

No

18.20.5

10.8.2

Statistics

Languages

Total Downloads

3,359,835

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Lefthook

Install

Usage

TL;DR

More details

Why Lefthook

Parallel execution

Flexible list of files

Glob and regexp filters

Execute in sub-directory

Run scripts

Tags

Support Docker

Local config

Direct control

Your own tasks

Optional output

Guides

Examples

Articles

10

10

10

10

10

10

10

10

1

0

0

0

0

0

0

5.5

/10