prevent-forbidden-code

This module is intended as a ghooks or husky compatible plugin that prevents unwanted code from being committed into your repository.

Prerequisites

git
Node >= 4.4.x
ghooks or husky

Make sure you have a git repository (git init) BEFORE installing ghooks, otherwise you have to take extra steps if you install ghooks before running git init.

Installing

npm install prevent-forbidden-code ghooks --save-dev

Basic Configuration

// inside package.json
...
  "config": {
    "ghooks": {
      "pre-commit": "prevent-forbidden-code",
    }
  }
...

How it works, and default settings

By default, prevent-forbidden-code screens for the following array of commands in your code:

[
    "console.log(",
    "console.info(",
    "console.error(",
    "console.warn(",
    "debugger",
    "var_dump",
    "print_r",
    "fdescribe(",
    "fit(",
    "ddescribe(",
    "iit("
]

With each commit, the committed files are scanned for any lines containing these commands. If found, prevent-forbidden-code alerts you as to the type of offending command found, and where they were found:

[ >>> BEGIN PRE-COMMIT FORBIDDEN CODE CHECK ]
FAILURE: You left a console.log( in README.md
[ >>> COMMIT REJECTED ]
If you absolutely need to commit this use git commit --no-verify (-n)

Note: You can prevent the scan entirely by using the --no-verify flag on your commit, as mentioned in the output sample above.

Configuration Options

Exclusions

Adding exclusions to your configuration allows prevent-forbidden-code to skip one or more matching files from the scan. Under the hood, prevent-forbidden-code uses the excellent minimatch module to convert glob expressions in the array into regular expressions for file name matching. In the following configuration sample, all usages of the normally prevented commands in any markdown file would would be allowed.

// inside package.json
...
  "config": {
    "ghooks": {
      "pre-commit": "prevent-forbidden-code",
    },
    "prevent-forbidden-code": {
      "exclude": ["*.md"]
    }
  }
...

Rejecting Custom Lists of Commands

To override the default list of forbidden commands, just add your own forbid parameter to the config as an array of commands strings. The following example would scan files only for describe.only( and it.only( usages.

// inside package.json
...
  "config": {
    "ghooks": {
      "pre-commit": "prevent-forbidden-code",
    },
    "prevent-forbidden-code": {
      "forbid": ["describe.only(", "it.only("]  
      "exclude": ["*.md"]
    }
  }
...

License

This software is licensed under the MIT license.

keithpepin / prevent-forbidden-code Goto Github PK