Automatic Git hook installation is confusing and breaks Git related tooling.

[mingp]

I am working on a repo where I just introduced the tslint-config-security TSLint rules. Immediately afterwards, all my external Git tooling -- specifically, Tower -- started failing with this error message:

Husky requires Node 6, can't run Git hook.

Upon further investigation, this is what I believe happened:

• My system Node version is 4.x. My NVM Node version is 10.x.
• Upon installing tslint-config-security, the Git hooks were installed. I admit, I'm still unsure the exact mechanism by which this happened. I believe it was through Husky's post-install script, but I cannot confirm.
• Tower -- per this docs page -- by default runs Git hooks with the user's default environment, as if they had started a new shell.
• This means Tower runs this project's Git hooks under the system Node version of 4.x.
• Husky breaks under Node 4.x.

This was difficult and confusing to deal with for a number of reasons:

• I was not expecting any additional changes or side effects from installing the package.
• The failure manifests far away from where it originated.
• The error message refers to something different from and seemingly unrelated to the real root cause.

I would recommend instead, the Git hooks be included with the project, but opt-in rather than opt-out.

Please consider this change, as it could save a users quite a lot of confusion and frustration. If you agree that this is the correct course of action, I would be happy to contribute the change as a pull request. Thank you in advance.

EDIT:

I should clarify, I strongly suspect that there are many different ways to encounter analogous failures from these Git hooks, and they will be equally confusing. While an outdated system Node version, specifically, is probably not too common, I strongly suspect that the sum total of the ways in which this could break add up to reasonably common on the whole.

[webschik]

Thanks @mingp !
I've removed husky config from the NPM package in v1.10.0, but I suggest to install the package with

npm i tslint-config-security --save-dev  --production

[mingp]

Thank you for the quick turnaround, @webschik. I will test with the new version and report back.

[mingp]

Confirming that this is resolved in the new version. Thanks again, @webschik.

For future reference, in case anyone comes across this issue from Google or elsewhere: If you had already installed an earlier version and don't want the Git hooks, delete the appropriate files from the ./.git/hooks directory under your project. If you had no other hooks, instead for simplicity, delete the entire ./.git/hooks directory entirely.