DEV: Replace Overcommit with Lefthook #7826
Overcommit uses prebuilt hooks and requires global installation.
Don't forget to remove preinstalled hooks from your repo.
So what do you think about it? Is it worth it?
@gschlager thank you for this question. Lefthook uses signatures to keep hooks up to date. And does not use them for security purposes.
Instruments like Overcommit hide the hook implementation inside. So when developers see changes in
```yaml
PreCommit:
  YamlSyntax:
    enabled: true
```
To understand what exactly is going on here, you should look at the code in the overcommit repository. And between versions, this code can be changed. We can only hope the new code will not try to break something. So, I see only one benefit from the sign option it: "Hey,
In my opinion, the only way to achieve security is to install the project into a Docker container.
But if you think that this is still an important feature, then I can add it. Just let me know.
This pull request has been mentioned on Discourse Meta. There might be relevant details there: