info
This documentation is automatically synchronized from the claude-hub repository. Last updated: 2025-06-01
Pre-commit Hook Setup
This project uses pre-commit hooks to ensure code quality and prevent secrets from being committed.
Setup
-
Install dependencies:
npm install -
Install pre-commit hooks:
npx pre-commit installOr if you have Python's pre-commit installed globally:
pre-commit install
Features
1. Code Quality Checks
- Trailing whitespace removal
- End of file fixer
- YAML syntax validation
- JSON syntax validation
- Large file detection
2. Credential Scanning
The pre-commit hooks include two credential scanners:
detect-secrets
- Scans for various types of secrets (AWS keys, GitHub tokens, etc.)
- Maintains a baseline file (
.secrets.baseline) to track allowed secrets - To update the baseline after addressing false positives:
detect-secrets scan > .secrets.baseline - To audit the baseline:
detect-secrets audit .secrets.baseline
gitleaks
- Additional credential scanning with different detection patterns
- Scans for hardcoded secrets, API keys, and sensitive information
- Uses regular expressions and entropy analysis
Usage
Pre-commit hooks run automatically when you commit. To run manually:
pre-commit run --all-files
To run a specific hook:
pre-commit run detect-secrets
pre-commit run gitleaks
Bypassing Hooks (Emergency Only)
If you need to bypass the hooks in an emergency:
git commit --no-verify
⚠️ Warning: Only bypass hooks when absolutely necessary and ensure no secrets are committed.
Adding Exceptions
If you have a false positive:
-
For detect-secrets, add a comment on the same line:
const example = "not-a-real-secret"; // pragma: allowlist secret -
For gitleaks, create or update
.gitleaksignorefile
Troubleshooting
If hooks fail to install:
- Ensure Python is installed:
python --version - Install pre-commit globally:
pip install pre-commit - Clear and reinstall:
pre-commit clean && pre-commit install