Description
Problem
Remembering to run prek auto-update regularly to keep pre-commit hooks up to date is a common challenge. Without regular updates, hooks can become stale, missing important bug fixes, performance improvements, or new features.
Existing solutions in the pre-commit ecosystem
- pre-commit.ci — auto-creates weekly PRs with updates (GitHub only)
- pre-commit-update — a hook that checks for updates during normal pre-commit runs
- Scheduled CI jobs — run autoupdate on a cron and open PRs
- Crontab — local scheduled updates
Prek's current state
Prek already has:
- prek auto-update command with a nice --cooldown-days flag for supply chain security
- repo: builtin for fast, zero-setup Rust-native hooks
What's missing is a built-in hook to check/remind developers about outdated hook versions during normal workflow.
Proposal
Add a repo: builtin hook (e.g., check-hook-updates) that runs during commits or pushes and warns when hook versions are outdated.
Example configuration
repos:
  - repo: builtin
    hooks:
      - id: check-hook-updates
        # Optional: only warn if updates are older than N days
        # (leveraging the existing --cooldown-days concept)
        args: [--cooldown-days=7]
Behavior
- On commit/push, check if any configured hooks have newer versions available
- If updates are found, print a warning (but don't fail the commit by default)
- Optionally, allow --fail-on-updates to make the hook fail if updates are available
- Respect --cooldown-days to avoid alerting about very recent releases (supply chain security)
Why this fits prek's philosophy
This aligns well with prek's "batteries included" approach—providing zero-setup, Rust-native solutions that don't require external dependencies or services. Unlike pre-commit.ci (GitHub-only) or cron jobs (requires system setup), this would work everywhere prek runs, right out of the box.
Related
- This is different from Feature: Hook version sync #1054 which focuses on syncing hook versions with local project dependencies (e.g., matching ruff version in pre-commit config with pyproject.toml). This proposal is specifically about alerting when upstream hooks have newer releases available.
- This is also different from prek.ci #621 (prek.ci) which discusses a hosted CI service. This proposal is for a local built-in hook that works without any external service.
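The Behavior list above, sketched as an added example (not code from the issue author or from prek): it picks the newest release that is newer than the pinned rev and has aged past the cooldown, then maps the result to warn or fail. All type and function names, the release data and the fixed clock value are assumptions made for illustration; only --cooldown-days and the proposed --fail-on-updates come from the issue.

```rust
// Added illustration: every name here is hypothetical, not prek's API.
const DAY: u64 = 86_400;
const NOW: u64 = 1_700_000_000; // constructed "current time", Unix seconds

struct Release { tag: &'static str, published: u64 }

#[derive(Debug, PartialEq)]
enum Outcome {
    UpToDate,
    Warn(&'static str), // update available, commit proceeds
    Fail(&'static str), // update available and --fail-on-updates set
}

// Constructed sample data standing in for an upstream hook repo's tags.
fn sample_releases() -> Vec<Release> {
    vec![
        Release { tag: "v1.0.0", published: NOW - 90 * DAY },
        Release { tag: "v1.1.0", published: NOW - 30 * DAY },
        Release { tag: "v1.2.0", published: NOW - 2 * DAY },
    ]
}

/// Newest release published after the pinned rev that has also aged past
/// the cooldown. An unknown pinned rev (e.g. a bare commit SHA) yields None.
fn eligible_update(pinned: &str, rels: &[Release], now: u64, cooldown_days: u64) -> Option<&'static str> {
    let pinned_time = rels.iter().find(|r| r.tag == pinned)?.published;
    let cutoff = now.saturating_sub(cooldown_days.saturating_mul(DAY));
    rels.iter()
        .filter(|r| r.published > pinned_time && r.published <= cutoff)
        .max_by_key(|r| r.published)
        .map(|r| r.tag)
}

fn check(pinned: &str, rels: &[Release], now: u64, cooldown_days: u64, fail_on_updates: bool) -> Outcome {
    match eligible_update(pinned, rels, now, cooldown_days) {
        None => Outcome::UpToDate,
        Some(tag) if fail_on_updates => Outcome::Fail(tag),
        Some(tag) => Outcome::Warn(tag),
    }
}

fn main() {
    let rels = sample_releases();
    // v1.2.0 is only 2 days old, so a 7-day cooldown reports v1.1.0 instead.
    let outcome = check("v1.0.0", &rels, NOW, 7, false);
    println!("{:?}", outcome);
    if matches!(outcome, Outcome::Fail(_)) { std::process::exit(1); }
}
```

With a cooldown of 0 the same input reports v1.2.0, which is the case the cooldown exists to suppress.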