From 5a7291f5932dbd0f8da6471887ed22b82e07d373 Mon Sep 17 00:00:00 2001
From: "harshitha.d"
Date: Mon, 21 Apr 2025 17:17:34 +0530
Subject: [PATCH] fix: add pre-commit hook for Snyk and Talisman scans; update dependencies
---
 .husky/pre-commit | 69 +++++++++++++++++++++++++++++++++++++++++++++++
 package-lock.json | 65 ++++++++++++++++++++++++++++++--------------
 package.json | 6 +++--
 3 files changed, 118 insertions(+), 22 deletions(-)
 create mode 100755 .husky/pre-commit
diff --git a/.husky/pre-commit b/.husky/pre-commit
new file mode 100755
index 0000000..4f1fbbc
--- /dev/null
+++ b/.husky/pre-commit
@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+# Pre-commit hook to run Snyk and Talisman scans, completing both before deciding to commit
+
+# Function to check if a command exists
+command_exists() {
+ command -v "$1" >/dev/null 2>&1
+}
+
+# Check if Snyk is installed
+if ! command_exists snyk; then
+ echo "Error: Snyk is not installed. Please install it and try again."
+ exit 1
+fi
+
+# Check if Talisman is installed
+if ! command_exists talisman; then
+ echo "Error: Talisman is not installed. Please install it and try again."
+ exit 1
+fi
+
+# Allow bypassing the hook with an environment variable
+if [ "$SKIP_HOOK" = "1" ]; then
+ echo "Skipping Snyk and Talisman scans (SKIP_HOOK=1)."
+ exit 0
+fi
+
+# Initialize variables to track scan results
+snyk_failed=false
+talisman_failed=false
+
+# Run Snyk vulnerability scan
+echo "Running Snyk vulnerability scan..."
+snyk test --all-projects > snyk_output.log 2>&1
+snyk_exit_code=$?
+
+if [ $snyk_exit_code -eq 0 ]; then
+ echo "Snyk scan passed: No vulnerabilities found."
+elif [ $snyk_exit_code -eq 1 ]; then
+ echo "Snyk found vulnerabilities. See snyk_output.log for details."
+ snyk_failed=true
+else
+ echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details."
+ snyk_failed=true
+fi
+
+# Run Talisman secret scan (continues even if Snyk failed)
+echo "Running Talisman secret scan..."
+talisman --githook pre-commit > talisman_output.log 2>&1
+talisman_exit_code=$?
+
+if [ $talisman_exit_code -eq 0 ]; then
+ echo "Talisman scan passed: No secrets found."
+else
+ echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details."
+ talisman_failed=true
+fi
+
+# Evaluate results after both scans
+if [ "$snyk_failed" = true ] || [ "$talisman_failed" = true ]; then
+ echo "Commit aborted due to issues found in one or both scans."
+ [ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log"
+ [ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log"
+ exit 1
+fi
+
+# If both scans pass, allow the commit
+echo "All scans passed. Proceeding with commit.cd ."
+rm -f snyk_output.log talisman_output.log
+exit 0
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index f91accc..912d27c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23,7 +23,8 @@
 "path": "^0.12.7"
 },
 "devDependencies": {
- "eslint": "^5.16.0"
+ "eslint": "^5.16.0",
+ "husky": "^9.1.7"
 }
 },
 "node_modules/@ampproject/remapping": {
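Review bot: The scan logs are written as `snyk_output.log` and `talisman_output.log` in the repository root and are removed only on the success path (the `rm -f` after the final check), so after a blocked commit both files stay in the working tree where a later `git add -A` will stage them, and nothing in this patch ignores them. Creating them under a `mktemp -d` directory keeps them available for inspection without leaving scanner output in the tree; the "See snyk_output.log" messages would then print the full path. Separately, the success message carries stray text: `echo "All scans passed. Proceeding with commit.cd ."` should read `echo "All scans passed. Proceeding with commit."`.
```shell
# … unchanged: tool checks and SKIP_HOOK bypass …
log_dir=$(mktemp -d) || exit 1
snyk_log="$log_dir/snyk_output.log"
talisman_log="$log_dir/talisman_output.log"
# … unchanged: snyk_failed/talisman_failed initialisation …
snyk test --all-projects > "$snyk_log" 2>&1
# … unchanged: Snyk exit-code handling, messages referring to $snyk_log …
talisman --githook pre-commit > "$talisman_log" 2>&1
# … unchanged: Talisman exit-code handling and result evaluation, messages referring to $talisman_log …
echo "All scans passed. Proceeding with commit."
rm -rf "$log_dir"
```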
@@ -582,24 +583,26 @@
 },
 "node_modules/@contentstack/datasync-filesystem-sdk": {
 "version": "1.0.17",
- "resolved": "file:../Contentstack/datasync-filesystem-sdk/contentstack-datasync-filesystem-sdk-1.0.17.tgz",
- "integrity": "sha512-jiXolCzFLZIq1+eqGzVs/Glyim+THupbL368ZJUsq1R7+o3F1uFBWaF422x0F0DxwEK1l5+k+Wv3FmkkflUrdQ==",
+ "resolved": "https://registry.npmjs.org/@contentstack/datasync-filesystem-sdk/-/datasync-filesystem-sdk-1.0.17.tgz",
+ "integrity": "sha512-X9HpHrQoN+aWIMjyYK2p0YdbQ1E2itYnQKFvUG4FFo/sNE5X79t+k6EyanBVnIKAHrylkIbsXa1SYudQ4XZcfQ==",
 "license": "MIT",
 "dependencies": {
 "json-mask": "2.0.0",
 "lodash": "^4.17.21",
 "mkdirp": "^3.0.1",
+ "npm-pack": "^1.0.0",
 "sift": "17.1.3"
 }
 },
 "node_modules/@contentstack/datasync-mongodb-sdk": {
 "version": "1.0.11",
- "resolved": "file:../Contentstack/datasync-mongodb-sdk/contentstack-datasync-mongodb-sdk-1.0.10.tgz",
- "integrity": "sha512-O8BsCbjhbazjBdMIBIFxLiXE5bYTQhJskhHqSNmBaYAUyS5JjYACLt+c+cnVwXI7seGIsRV2dbSbxXpOT6mH2w==",
+ "resolved": "https://registry.npmjs.org/@contentstack/datasync-mongodb-sdk/-/datasync-mongodb-sdk-1.0.11.tgz",
+ "integrity": "sha512-AEpkP1Wzc4CTvz53qtdItr9393yOMn/+73B5AL5ai0ytiwomcXpT3Z8oQ2C9z9zorEwaBFMcyt/DFqVIRnyAuQ==",
 "license": "MIT",
 "dependencies": {
 "lodash": "^4.17.21",
 "mongodb": "^6.12.0",
+ "npm-pack": "^1.0.0",
 "sift": "^17.1.3"
 },
 "engines": {
@@ -1745,9 +1748,9 @@
 }
 },
 "node_modules/caniuse-lite": {
- "version": "1.0.30001713",
- "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001713.tgz",
- "integrity": "sha512-wCIWIg+A4Xr7NfhTuHdX+/FKh3+Op3LBbSp2N5Pfx6T/LhdQy3GTyoTg48BReaW/MyMNZAkTadsBtai3ldWK0Q==",
+ "version": "1.0.30001715",
+ "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001715.tgz",
+ "integrity": "sha512-7ptkFGMm2OAOgvZpwgA4yjQ5SQbrNVGdRjzH0pBdy1Fasvcr+KAeECmbCAECzTuDuoX0FCY8KzUxjf9+9kfZEw==",
 "funding": [
 {
 "type": "opencollective",
@@ -2004,15 +2007,15 @@
 }
 },
 "node_modules/contentstack": {
- "version": "3.25.2",
- "resolved": "https://registry.npmjs.org/contentstack/-/contentstack-3.25.2.tgz",
- "integrity": "sha512-Rv1RszEUIAotP8cD3oX8poCn326zjmTf9aAD+3Xo142SzcdczCjqWIFjhQDZqytoxEpPRHCIdujy/yA6TktSoA==",
+ "version": "3.25.3",
+ "resolved": "https://registry.npmjs.org/contentstack/-/contentstack-3.25.3.tgz",
+ "integrity": "sha512-GOv4M3snek9nVqL0o6pNLUKwCcLLXDBW2fUJzcHwekv1zD30VCb3zcaka6BHaOBdz58at77VCBX8wRxrQy5KJA==",
 "license": "MIT",
 "dependencies": {
- "@contentstack/utils": "^1.3.18",
- "@fetch-mock/jest": "^0.2.12",
+ "@contentstack/utils": "^1.3.20",
+ "@fetch-mock/jest": "^0.2.15",
 "es6-promise": "^4.2.8",
- "fetch-mock": "^12.4.0",
+ "fetch-mock": "^12.5.2",
 "localStorage": "1.0.4",
 "qs": "^6.14.0"
 },
@@ -2204,9 +2207,9 @@
 "license": "MIT"
 },
 "node_modules/electron-to-chromium": {
- "version": "1.5.137",
- "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.137.tgz",
- "integrity": "sha512-/QSJaU2JyIuTbbABAo/crOs+SuAZLS+fVVS10PVrIT9hrRkmZl8Hb0xPSkKRUUWHQtYzXHpQUW3Dy5hwMzGZkA==",
+ "version": "1.5.139",
+ "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.139.tgz",
+ "integrity": "sha512-GGnRYOTdN5LYpwbIr0rwP/ZHOQSvAF6TG0LSzp28uCBb9JiXHJGmaaKw29qjNJc5bGnnp6kXJqRnGMQoELwi5w==",
 "license": "ISC",
 "peer": true
 },
@@ -3242,6 +3245,22 @@
 "node": ">=10.17.0"
 }
 },
+ "node_modules/husky": {
+ "version": "9.1.7",
+ "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.7.tgz",
+ "integrity": "sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==",
+ "dev": true,
+ "license": "MIT",
+ "bin": {
+ "husky": "bin.js"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/typicode"
+ }
+ },
 "node_modules/iconv-lite": {
 "version": "0.4.24",
 "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
@@ -4779,6 +4798,12 @@
 "node": ">=0.10.0"
 }
 },
+ "node_modules/npm-pack": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/npm-pack/-/npm-pack-1.0.0.tgz",
+ "integrity": "sha512-JXmgU1xyz4dB3/WQhHaP3aPZr+CVDaa9RUyPlGL3LwjOXXkIqb4us0STQeFmI0m+QjJ3frgp1JHQujwqbXaPdw==",
+ "license": "ISC"
+ },
 "node_modules/npm-run-path": {
 "version": "4.0.1",
 "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz",
@@ -6037,9 +6062,9 @@
 }
 },
 "node_modules/tr46": {
- "version": "5.1.0",
- "resolved": "https://registry.npmjs.org/tr46/-/tr46-5.1.0.tgz",
- "integrity": "sha512-IUWnUK7ADYR5Sl1fZlO1INDUhVhatWl7BtJWsIhwJ0UAK7ilzzIa8uIqOO/aYVWHZPJkKbEL+362wrzoeRF7bw==",
+ "version": "5.1.1",
+ "resolved": "https://registry.npmjs.org/tr46/-/tr46-5.1.1.tgz",
+ "integrity": "sha512-hdF5ZgjTqgAntKkklYw0R03MG2x/bSzTtkxmIRw/sTNV8YXsCJ1tfLAX23lhxhHJlEf3CRCOCGGWw3vI3GaSPw==",
 "license": "MIT",
 "dependencies": {
 "punycode": "^2.3.1"
diff --git a/package.json b/package.json
index 1c3f61f..ef55888 100644
--- a/package.json
+++ b/package.json
@@ -3,7 +3,8 @@
 "version": "0.0.6",
 "private": true,
 "scripts": {
- "start": "node ./bin/www"
+ "start": "node ./bin/www",
+ "pre-commit": "husky install && husky && chmod +x .husky/pre-commit"
 },
 "dependencies": {
 "@contentstack/datasync-filesystem-sdk": "^1.0.17",
@@ -20,7 +21,8 @@
 "path": "^0.12.7"
 },
 "devDependencies": {
- "eslint": "^5.16.0"
+ "eslint": "^5.16.0",
+ "husky": "^9.1.7"
 },
 "repository": {
 "type": "git",
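Review bot: The new `"pre-commit": "husky install && husky && chmod +x .husky/pre-commit"` entry in the package.json scripts hunk is an ordinary npm script rather than a lifecycle hook, so nothing runs it on `npm install` and a fresh clone has no hook at all until someone runs `npm run pre-commit` by hand. Husky 9 expects `"prepare": "husky"`, which npm runs automatically after install; `husky install` is the deprecated older spelling and `husky` alone already does the same work. The `chmod +x` is also redundant, since this patch creates `.husky/pre-commit` with mode `100755`.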