Closed mikesamuel closed 5 years ago
I am very much against any sort of package that installs git hooks implicitly - there's a reason git doesn't function that way; I find it very unsafe.
Fair enough.
(To be clear, thank you for the suggestion, and if there's a way to make it easier to install the hook explicitly i'm all for that)
That's a legitimate concern. Other ecosystems have had serious breaches due to dodgy hooks.
For small, personal projects where I'm the only committer, I'm more worried about checking out a fresh client and missing something.
https://www.npmjs.com/package/pre-commit
So if the package.json listed pre-commit as a devDependency and included
you could do away with this language from the README:
I'm happy to send a PR your way