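#!/bin/bash
# Git Pre-Push Hook - Security Audit
# Install: cp scripts/git-hooks/pre-push .git/hooks/ && chmod +x .git/hooks/pre-push
#
# Blocks the push when `npm audit` reports at least one critical vulnerability
# for the project in frontend/.
#
# This is a local gate only: `git push --no-verify` skips it, so it does not
# replace running the same audit in CI.
#
# Exit status: 0 when the audit ran and found no critical vulnerabilities,
#              1 when critical vulnerabilities were found or the audit result
#                could not be read.

echo "Running security audit before push..."

# Fail closed: without this check a missing frontend/ would leave the audit
# running in the wrong directory and the hook would still report success.
cd frontend || {
  echo "PUSH BLOCKED: cannot enter 'frontend' to run the security audit." >&2
  exit 1
}

# npm audit exits non-zero when it finds vulnerabilities, so its exit status
# is ignored and the decision is taken from the JSON report instead.
AUDIT=$(npm audit --json 2>/dev/null || true)

# Pull the critical count out of the report. npm's JSON is normally
# pretty-printed ("critical": 0), so whitespace around the colon is allowed
# and at least one digit is required; a pattern without that tolerance yields
# an empty count, which would be read as 0.
CRITICAL=$(printf '%s\n' "$AUDIT" \
  | grep -Eo '"critical"[[:space:]]*:[[:space:]]*[0-9]+' \
  | head -1 \
  | grep -Eo '[0-9]+$')

# No count means the audit produced no usable report (npm not installed, no
# lockfile, registry unreachable, ...). Treat that as a failed check rather
# than as "0 critical vulnerabilities".
if [[ ! "$CRITICAL" =~ ^[0-9]+$ ]]; then
  echo "PUSH BLOCKED: could not read a critical-vulnerability count from 'npm audit'." >&2
  echo "Run 'npm audit' in frontend/ to see the error." >&2
  echo "To bypass: git push --no-verify" >&2
  exit 1
fi

if [ "$CRITICAL" -gt 0 ]; then
  echo ""
  echo "========================================"
  echo " PUSH BLOCKED: Critical vulnerabilities found!"
  echo "========================================"
  # Human-readable excerpt of the findings; the JSON above drives the decision.
  npm audit 2>/dev/null | grep -A 3 "critical"
  echo ""
  echo "Run 'npm audit fix' or update packages manually."
  echo "To bypass: git push --no-verify"
  exit 1
fi

echo "Security check passed."
exit 0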