Add pre-commit hook for Snyk and Talisman scans; update .gitignore and package.json

Author: harshithad0703

.gitignore

@@ -13,3 +13,7 @@ playground
 newQueryBuilder.ts
 query-builder.ts
 dist
+
+# pre-commit scans
+talisman_output.log
+snyk_output.log

.husky/pre-commit

@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+# Pre-commit hook to run Snyk and Talisman scans, completing both before deciding to commit
+
+# Function to check if a command exists
+command_exists() {
+  command -v "$1" >/dev/null 2>&1
+}
+
+# Check if Snyk is installed
+if ! command_exists snyk; then
+  echo "Error: Snyk is not installed. Please install it and try again."
+  exit 1
+fi
+
+# Check if Talisman is installed
+if ! command_exists talisman; then
+  echo "Error: Talisman is not installed. Please install it and try again."
+  exit 1
+fi
+
+# Allow bypassing the hook with an environment variable
+if [ "$SKIP_HOOK" = "1" ]; then
+  echo "Skipping Snyk and Talisman scans (SKIP_HOOK=1)."
+  exit 0
+fi
+
+# Initialize variables to track scan results
+snyk_failed=false
+talisman_failed=false
+
+# Run Snyk vulnerability scan
+echo "Running Snyk vulnerability scan..."
+snyk test --all-projects > snyk_output.log 2>&1
+snyk_exit_code=$?
+
+if [ $snyk_exit_code -eq 0 ]; then
+  echo "Snyk scan passed: No vulnerabilities found."
+elif [ $snyk_exit_code -eq 1 ]; then
+  echo "Snyk found vulnerabilities. See snyk_output.log for details."
+  snyk_failed=true
+else
+  echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details."
+  snyk_failed=true
+fi
+
+# Run Talisman secret scan (continues even if Snyk failed)
+echo "Running Talisman secret scan..."
+talisman --githook pre-commit > talisman_output.log 2>&1
+talisman_exit_code=$?
+
+if [ $talisman_exit_code -eq 0 ]; then
+  echo "Talisman scan passed: No secrets found."
+else
+  echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details."
+  talisman_failed=true
+fi
+
+# Evaluate results after both scans
+if [ "$snyk_failed" = true ] || [ "$talisman_failed" = true ]; then
+  echo "Commit aborted due to issues found in one or both scans."
+  [ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log"
+  [ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log"
+  exit 1
+fi
+
+# If both scans pass, allow the commit
+echo "All scans passed. Proceeding with commit.cd ."
+rm -f snyk_output.log talisman_output.log
+exit 0

.talismanrc

@@ -1,4 +1,7 @@
 fileignoreconfig:
 - filename: package-lock.json
-  checksum: a618ae6c113021eef425f224f1dfd7066b15af1a45249ea063a193517ce5a92f
-version: ""
+  checksum: 37742c5c56859fdfed906c14e97881c4a10e0a52464fda489e4eb8154298fde4
+- filename: .husky/pre-commit
+  checksum: 5baabd7d2c391648163f9371f0e5e9484f8fb90fa2284cfc378732ec3192c193
+version: ""
+base64_entropy: false

package-lock.json

@@ -6,7 +6,7 @@
   "main": "dist/index.js",
   "scripts": {
     "clean": "rimraf dist typings coverage",
-    "build-ts": "npm run clean && tsc",
+    "build-ts": "npm run clean && tsc && husky && chmod +x .husky/pre-commit",
     "build-doc": "npm run build-ts && ./node_modules/.bin/jsdoc dist/ -r -R README.md -d docs",
     "watch-ts": "npm run clean && tsc -w",
     "compile": "tsc",
@@ -19,14 +19,15 @@
   "dependencies": {
     "lodash": "^4.17.21",
     "mongodb": "^6.12.0",
-     "sift": "^17.1.3"
+    "sift": "^17.1.3"
   },
   "devDependencies": {
     "@types/jest": "29.5.14",
     "@types/lodash": "4.17.14",
     "@types/node": "10.17.60",
     "@types/rimraf": "4.0.5",
     "debug": "^4.4.0",
+    "husky": "^9.1.7",
     "jest": "^29.7.0",
     "jsdoc": "^4.0.4",
     "node-notifier": "^10.0.1",