mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-02-16 19:33:11 +08:00
d9331cb17f
Replace shell: true with npx.cmd on Windows in post-edit-format.js and post-edit-typecheck.js to prevent command injection via crafted file paths. Replace console.log(data) with process.stdout.write(data) in check-console-log.js to avoid appending extra newlines to pass-through data.
46 lines
1.2 KiB
JavaScript
46 lines
1.2 KiB
JavaScript
#!/usr/bin/env node
|
|
/**
|
|
* PostToolUse Hook: Auto-format JS/TS files with Prettier after edits
|
|
*
|
|
* Cross-platform (Windows, macOS, Linux)
|
|
*
|
|
* Runs after Edit tool use. If the edited file is a JS/TS file,
|
|
* formats it with Prettier. Fails silently if Prettier isn't installed.
|
|
*/
|
|
|
|
const { execFileSync } = require('child_process');
|
|
|
|
const MAX_STDIN = 1024 * 1024; // 1MB limit
|
|
let data = '';
|
|
process.stdin.setEncoding('utf8');
|
|
|
|
process.stdin.on('data', chunk => {
|
|
if (data.length < MAX_STDIN) {
|
|
data += chunk;
|
|
}
|
|
});
|
|
|
|
process.stdin.on('end', () => {
|
|
try {
|
|
const input = JSON.parse(data);
|
|
const filePath = input.tool_input?.file_path;
|
|
|
|
if (filePath && /\.(ts|tsx|js|jsx)$/.test(filePath)) {
|
|
try {
|
|
// Use npx.cmd on Windows to avoid shell: true which enables command injection
|
|
const npxBin = process.platform === 'win32' ? 'npx.cmd' : 'npx';
|
|
execFileSync(npxBin, ['prettier', '--write', filePath], {
|
|
stdio: ['pipe', 'pipe', 'pipe'],
|
|
timeout: 15000
|
|
});
|
|
} catch {
|
|
// Prettier not installed, file missing, or failed — non-blocking
|
|
}
|
|
}
|
|
} catch {
|
|
// Invalid input — pass through
|
|
}
|
|
|
|
console.log(data);
|
|
});
|