clns / node-commit-msg Goto Github PK

View Code? Open in Web Editor NEW

44.0 44.0 6.0 11.56 MB

Git commit message validator

Home Page: https://www.npmjs.com/package/commit-msg

License: MIT License

JavaScript 95.57% Shell 4.43%

node-commit-msg's People

Contributors

Stargazers

Watchers

Forkers

weisongye unb-libraries kkrieger85 mattlyons0 418sec

node-commit-msg's Issues

[bug] Invalid memory access error

When this happens: when the message is valid.
If invalid, it does not reach that point.

The error I get:

Invalid memory access of location 0x0 rip=0x105e9d866
error: .git/hooks/commit-msg died of signal 11

Running with iojs 1.7.1

Config is the angular guidelines from examples in this repo.

Issues when using it installed globally

I haven't tried it with the "install through packages.json" route because I'm not using node or npm in my project. My apologies if I've overlooked something.

First, I installed it using npm globally:

npm install commit-msg -g

Then I created myself a text file:

echo 'Foo bar.' >test.msg

Then I used the tool to validate it:

commit-msg file test.msg

The output is the following, which looks great:

Foo bar.

error (1,8): Commit subject should not end with a period

Summary:

0/1 valid/total (with warnings: 0)

0% success rate and 0% warnings

But when I check exit status:

> echo $?
0

Despite having errors, the exit code is 0, so I cannot use it to abort the commit.

I also encountered this additional problem, where a commit message I wrote caused it to crash with a stack trace:

echo -n 'AGS74' >test.msg
commit-msg file test.msg

Resulting output:

fs.js:148
throw new ERR_INVALID_CALLBACK();
^

TypeError [ERR_INVALID_CALLBACK]: Callback must be a function
at makeCallback (fs.js:148:11)
at Object.fs.unlink (fs.js:1016:14)
at /usr/local/lib/node_modules/commit-msg/lib/nlp-parser.js:145:32
at ChildProcess.exithandler (child_process.js:273:7)
at ChildProcess.emit (events.js:182:13)
at maybeClose (internal/child_process.js:957:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:246:5)

I regret that I am not familiar with node development and cannot diagnose the issue further myself, or provide a pull request. If I can provide any additional information about these issues, please let me know. I would very much like to incorporate this tool into my workflow. Thank you for programming it and releasing it! :)

Security Notice & Bug Bounty - Remote Code Execution - huntr.dev

This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Overview

commit-msg is a customizable git commit message parser and validator written in Node.js. It validates a given string based on best practices and can be used as a git hook, command line tool and/or directly through the API.

The issue occurs because a user input is formatted inside a command that will be executed without any check.

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...

Package version bump

Would it be possible to publish a new version on npm with the latest changes so that the plugin works in new versions of node.

can't install the lib properly

I got lots of errors in my terminal:

gyp ERR! configure error
gyp ERR! stack Error: Can't find Python executable "python", you can set the PYTHON env variable.
gyp ERR! stack     at failNoPython (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\configure.js:116:14)
gyp ERR! stack     at C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\configure.js:71:11
gyp ERR! stack     at FSReqWrap.oncomplete (fs.js:82:15)
gyp ERR! System Windows_NT 6.3.9600
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild
gyp ERR! cwd C:\Projects\testproject\node_modules\commit-msg\node_modules\java
gyp ERR! node -v v4.0.0
gyp ERR! node-gyp -v v3.0.1
gyp ERR! not ok
npm WARN optional dep failed, continuing [email protected]

> [email protected] postinstall C:\Projects\testproject\node_modules\commit-msg
> npm run hook


> [email protected] hook C:\Projects\testproject\node_modules\commit-msg
> node lib/setup

C:\Projects\testproject\node_modules\commit-msg\lib\setup.js:119
                        throw e;
                        ^

Error: EPERM: operation not permitted, symlink '..\..\node_modules\commit-msg\bin\commit-msg' -> 'C:\Projects\testproject\.git\hooks\commit-msg'
    at Error (native)
    at Object.fs.symlinkSync (fs.js:902:18)
    at setupHook (C:\Projects\testproject\node_modules\commit-msg\lib\setup.js:116:14)
    at Object.<anonymous> (C:\Projects\testproject\node_modules\commit-msg\lib\setup.js:127:1)
    at Module._compile (module.js:434:26)
    at Object.Module._extensions..js (module.js:452:10)
    at Module.load (module.js:355:32)
    at Function.Module._load (module.js:310:12)
    at Function.Module.runMain (module.js:475:10)
    at startup (node.js:117:18)

npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "run" "hook"
npm ERR! node v4.0.0
npm ERR! npm  v2.14.2
npm ERR! code ELIFECYCLE
npm ERR! [email protected] hook: `node lib/setup`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] hook script 'node lib/setup'.
npm ERR! This is most likely a problem with the commit-msg package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node lib/setup
npm ERR! You can get their info via:
npm ERR!     npm owner ls commit-msg
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR!     C:\Projects\testproject\node_modules\commit-msg\npm-debug.log
npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install"
npm ERR! node v4.0.0
npm ERR! npm  v2.14.2
npm ERR! code ELIFECYCLE

npm ERR! [email protected] postinstall: `npm run hook`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] postinstall script 'npm run hook'.
npm ERR! This is most likely a problem with the commit-msg package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     npm run hook
npm ERR! You can get their info via:
npm ERR!     npm owner ls commit-msg
npm ERR! There is likely additional logging output above.

> [email protected] preuninstall C:\Projects\testproject\node_modules\commit-msg
> npm run hook-uninstall


> [email protected] hook-uninstall C:\Projects\testproject\node_modules\commit-msg
> node lib/setup uninstall


npm ERR! Please include the following file with any support request:
npm ERR!     C:\Projects\testproject\npm-debug.log

Any suggestions how to fix that?

Install failes on 'node-gyp rebuild'

I tried to install this package globally

MacOS High Sierra 10.13.6 (17G65)

Python 2.7.10
node: v.8.5.0
node-gyp: v.3.8.0
java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

npm i -g commit-msg
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

> [email protected] preuninstall /usr/local/lib/node_modules/commit-msg
> npm run hook-uninstall


> [email protected] hook-uninstall /usr/local/lib/node_modules/commit-msg
> node lib/setup uninstall

Could not find git repo starting at /usr/local/lib/node_modules/commit-msg/lib
/usr/local/bin/commit-msg -> /usr/local/lib/node_modules/commit-msg/bin/validate
/usr/local/bin/git-commit-msg -> /usr/local/lib/node_modules/commit-msg/bin/git-commit-msg

> [email protected] install /usr/local/lib/node_modules/commit-msg/node_modules/java
> node-gyp rebuild

  CXX(target) Release/obj.target/nodejavabridge_bindings/src/java.o
In file included from ../src/java.cpp:1:
In file included from ../src/java.h:9:
In file included from ../../nan/nan.h:182:
../../nan/nan_maybe_43_inl.h:221:17: warning: 'CloneElementAt' is deprecated [-Wdeprecated-declarations]
  return array->CloneElementAt(GetCurrentContext(), index);
                ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:3457:3: note: 'CloneElementAt' has been explicitly
      marked deprecated here
  V8_DEPRECATED("Cloning is not supported.",
  ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
In file included from ../src/java.cpp:1:
In file included from ../src/java.h:9:
In file included from ../../nan/nan.h:188:
In file included from ../../nan/nan_new.h:189:
../../nan/nan_implementation_12_inl.h:40:29: warning: 'New' is deprecated [-Wdeprecated-declarations]
  return v8::BooleanObject::New(value).As<v8::BooleanObject>();
                            ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:4749:3: note: 'New' has been explicitly marked
      deprecated here
  V8_DEPRECATED("Pass an isolate", static Local<Value> New(bool value));
  ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
In file included from ../src/java.cpp:1:
In file included from ../src/java.h:9:
../../nan/nan.h:590:20: error: no type named 'GCEpilogueCallback' in 'v8::Isolate'
      v8::Isolate::GCEpilogueCallback callback
      ~~~~~~~~~~~~~^
../../nan/nan.h:596:20: error: no type named 'GCEpilogueCallback' in 'v8::Isolate'
      v8::Isolate::GCEpilogueCallback callback) {
      ~~~~~~~~~~~~~^
../../nan/nan.h:601:20: error: no type named 'GCPrologueCallback' in 'v8::Isolate'
      v8::Isolate::GCPrologueCallback callback
      ~~~~~~~~~~~~~^
../../nan/nan.h:607:20: error: no type named 'GCPrologueCallback' in 'v8::Isolate'
      v8::Isolate::GCPrologueCallback callback) {
      ~~~~~~~~~~~~~^
../../nan/nan.h:1927:15: warning: 'SetAccessor' is deprecated [-Wdeprecated-declarations]
  return obj->SetAccessor(
              ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:3127:3: note: 'SetAccessor' has been explicitly marked
      deprecated here
  V8_DEPRECATED("Use maybe version",
  ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
../src/java.cpp:897:40: warning: 'ToNumber' is deprecated [-Wdeprecated-declarations]
  v8::Local<v8::Number> val = info[0]->ToNumber();
                                       ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:2279:10: note: 'ToNumber' has been explicitly marked
      deprecated here
  inline V8_DEPRECATED("Use maybe version", Local<Number> ToNumber() const);
         ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
../src/java.cpp:927:40: warning: 'ToNumber' is deprecated [-Wdeprecated-declarations]
  v8::Local<v8::Number> val = info[0]->ToNumber();
                                       ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:2279:10: note: 'ToNumber' has been explicitly marked
      deprecated here
  inline V8_DEPRECATED("Use maybe version", Local<Number> ToNumber() const);
         ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
../src/java.cpp:956:40: warning: 'ToNumber' is deprecated [-Wdeprecated-declarations]
  v8::Local<v8::Number> val = info[0]->ToNumber();
                                       ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:2279:10: note: 'ToNumber' has been explicitly marked
      deprecated here
  inline V8_DEPRECATED("Use maybe version", Local<Number> ToNumber() const);
         ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
../src/java.cpp:983:42: warning: 'ToNumber' is deprecated [-Wdeprecated-declarations]
    v8::Local<v8::Number> val = info[0]->ToNumber();
                                         ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:2279:10: note: 'ToNumber' has been explicitly marked
      deprecated here
  inline V8_DEPRECATED("Use maybe version", Local<Number> ToNumber() const);
         ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
../src/java.cpp:1019:40: warning: 'ToNumber' is deprecated [-Wdeprecated-declarations]
  v8::Local<v8::Number> val = info[0]->ToNumber();
                                       ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:2279:10: note: 'ToNumber' has been explicitly marked
      deprecated here
  inline V8_DEPRECATED("Use maybe version", Local<Number> ToNumber() const);
         ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
../src/java.cpp:1044:40: warning: 'ToNumber' is deprecated [-Wdeprecated-declarations]
  v8::Local<v8::Number> val = info[0]->ToNumber();
                                       ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:2279:10: note: 'ToNumber' has been explicitly marked
      deprecated here
  inline V8_DEPRECATED("Use maybe version", Local<Number> ToNumber() const);
         ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
../src/java.cpp:1263:16: warning: 'TryCatch' is deprecated [-Wdeprecated-declarations]
  v8::TryCatch tryCatch;
               ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8.h:8157:3: note: 'TryCatch' has been explicitly marked
      deprecated here
  V8_DEPRECATED("Use isolate version", TryCatch());
  ^
/Users/[HOME]/.node-gyp/8.5.0/include/node/v8config.h:332:29: note: expanded from macro 'V8_DEPRECATED'
  declarator __attribute__((deprecated))
                            ^
10 warnings and 4 errors generated.
make: *** [Release/obj.target/nodejavabridge_bindings/src/java.o] Error 1
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:262:23)
gyp ERR! stack     at emitTwo (events.js:125:13)
gyp ERR! stack     at ChildProcess.emit (events.js:213:7)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:200:12)
gyp ERR! System Darwin 17.7.0
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /usr/local/lib/node_modules/commit-msg/node_modules/java
gyp ERR! node -v v8.5.0
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok

> [email protected] postinstall /usr/local/lib/node_modules/commit-msg
> npm run hook


> [email protected] hook /usr/local/lib/node_modules/commit-msg
> node lib/setup

Could not find git repo starting at /usr/local/lib/node_modules/commit-msg/lib
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/commit-msg/node_modules/java):
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] install: `node-gyp rebuild`
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: Exit status 1

Getting a 'Deprecation warning' on running

With version 0.2.2, I get the following line at the end of each commit:

(node:1394) [DEP0013] DeprecationWarning: Calling an asynchronous function without callback is deprecated.

Non-verbose mode

I find the default output rather verbose. Would it be possible to add an option to show output similar to git log --oneline? For example, this, except color coded?

c32d580 Remove unneeded reset styles
ade8c71 Add shields to README
9284eb9 1.1.0
f37514d Add a reset (#1)
4f51d86 Show only CDN URL in usage instructions
2ff5870 Add screenshots
7c23aa5 Allow tests to work with an HTTP server
8e43d14 Add tests
a89cbec Split source file into multiple files
3f8df22 Switch to jsDelivr CDN
eb5e6da Bump version in package file
7eb1c79 Ignore sublime project file
902e23b Change <a> and <pre> colours
da93838 Add sublime project file
bdb3c59 Revert bf1348, don't force roboto onto user
bf13483 Add roboto font-face declaration
cdb8632 Fix Milligram url
3ba141f Fix license url in stylesheet
f8396e9 Initial commit

Change Java to a peerDependency

Java dep is currently an optional dependency which has the effect of allowing it to fail installing without failing the install of commit-msg.

The problem with this is the Java package doesn't need to be installed on most systems, the fallback logic works fine. But the Java package postinstall increases the entire project's install time dramatically. Currently the only way to ignore installing the Java package is to ignore all optional packages (from all packages and their dependencies) when running npm install: npm/npm#14185

Because of this I think it would be best if Java was a peer dependency (which is effectively just a warning if it isn't installed as of npm 3). This way it can be opt in (as it generally doesn't seem to be needed in my experience on OSX and Linux).

How to setup?

I'm trying to setup this tool to help me format commit messages based on Angular standards but it simply doesn't work. I literally copy and pasted the example to my project and I can still bypass all the rules, like nothing is being checked whatsoever. The only warning I get is for empty commit messages.

Help?