feat: verify package-lock.json
UTD (up to date)
#4598
base: main
Conversation
This reverts commit eeeea2d.
This reverts commit cd63f49.
This reverts commit 52c9f51.
This reverts commit ae9a456.
This reverts commit 3e6295f.
This reverts commit 024e42e.
This reverts commit a8fd3d4.
This reverts commit b990c9f.
This reverts commit 8d59270.
This reverts commit 21dfc4e.
This reverts commit c8e1a6a.
This reverts commit 921422d.
I think this isn't a good solution. The package you used just uses Anyways I don't see the problem with Instead of adding this we should consider solving #3372 and move to pnpm. A lot of current problems would be solved with pnpm
I mainly agree on wanting to proceed with using the package, but do like the idea of an additional check previous to a push, as we had some more
Pull Request Overview
This PR adds a pre-push Git hook to automatically verify that package-lock.json files are up to date before pushing changes. The hook detects changes to package files and runs `npm install --package-lock-only` to ensure the lock file is synchronized with package.json.
- Implements automated verification of package-lock.json synchronization during git push
- Uses a configurable pattern-matching system to detect relevant file changes
- Prevents pushes when package files are out of sync
```sh
# Exit after first match to avoid running multiple commands
exit 0
```
The script exits with code 0 after running the first matching command, which will allow the push to proceed even if the command was meant to modify files (like updating package-lock.json). The script should check if files were modified and either fail the push or stage the changes appropriately.
Suggested change (replacing the two lines above):

```sh
# Check for file modifications after running the command
MODIFIED_FILES=$(git diff --name-only)
if [ -n "$MODIFIED_FILES" ]; then
  echo "Detected file modifications after running $command:"
  echo "$MODIFIED_FILES"
  echo "Please stage the changes before pushing."
  exit 1
fi
```
```sh
echo "Detected changes in $description"

# Run the corresponding command
eval "$command"
```
Using `eval` with user-configurable commands poses a security risk. Consider using a safer alternative like directly calling the command or implementing a whitelist of allowed commands.
Suggested change (replacing `eval "$command"`):

```sh
bash -c "$command"
```
```sh
for ((i=0; i<${#CHECKS[@]}; i+=3)); do
  pattern="${CHECKS[i]}"
  command="${CHECKS[i+1]}"
  description="${CHECKS[i+2]}"
```
The array iteration logic with manual index incrementing by 3 is error-prone and hard to maintain. Consider using associative arrays or a more structured data format to improve readability and reduce the risk of indexing errors.
Suggested change (replacing the loop header and the three assignments above):

```sh
for pattern in "${!CHECKS[@]}"; do
  IFS='|' read -r command description <<< "${CHECKS[$pattern]}"
```
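As an added example (not the hook from this PR, nor the project's code), the following pre-push hook sketch takes up the three review points above at once: it dispatches through a fixed case list rather than `eval`, keeps the path-to-check mapping out of a flat indexed array, and fails the push when `npm install --package-lock-only` leaves package-lock.json modified. The check name `lockfile`, the function names and the use of `--ignore-scripts` are my choices, not the PR's.

```sh
#!/bin/sh
# Added example (not the PR's hook): run the lock-file check only when package
# files changed in the pushed commits, dispatch through a fixed case list
# instead of eval, and refuse the push if package-lock.json came out modified.
set -eu

# Map a changed path to a check name. Only names produced here can ever be
# executed, so nothing read from a config string reaches the shell.
check_for_path() {
  case "$1" in
    package.json|package-lock.json|*/package.json|*/package-lock.json)
      echo lockfile ;;
    *) return 1 ;;
  esac
}
# Read changed paths (one per line) on stdin; print the unique checks to run.
select_checks() {
  while IFS= read -r path; do
    check_for_path "$path" || true
  done | sort -u
}
# Read `git diff --name-only` output on stdin; fail if the lock file is dirty.
fail_if_modified() {
  if grep -qx 'package-lock.json'; then
    echo "package-lock.json was out of date; commit the regenerated file." >&2
    return 1
  fi
}
# --ignore-scripts keeps dependency lifecycle scripts from running in the hook.
run_check() {
  case "$1" in
    lockfile) npm install --package-lock-only --ignore-scripts </dev/null ;;
    *) echo "unknown check: $1" >&2; return 1 ;;
  esac
}
pre_push_main() {
  zero=0000000000000000000000000000000000000000
  while read -r _local_ref local_sha _remote_ref remote_sha; do
    [ "$local_sha" = "$zero" ] && continue   # ref deletion: nothing to check
    if [ "$remote_sha" = "$zero" ]; then checks=lockfile   # new branch: no base to diff
    else checks=$(git diff --name-only "$remote_sha" "$local_sha" | select_checks); fi
    for check in $checks; do
      run_check "$check"
      git diff --name-only -- package-lock.json | fail_if_modified
    done
  done
}
# git invokes pre-push as `pre-push <remote name> <remote url>`, with one
# "<local ref> <local sha> <remote ref> <remote sha>" line per ref on stdin.
if [ "$#" -eq 2 ]; then pre_push_main; fi
```

Because `set -e` is in effect, a failing `npm install` or a dirty lock file aborts the push, and `git` never receives a command string to interpret.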
Proposed changes
From time to time we experience out of date package-lock.json files. To ensure that those aren't resulting from our local development (as they are unlikely based on dependabot updates), we should ensure that those are quickly checked in git push.
Types of changes
Further comments