Husky version 1.0.0 marks a significant evolution from version 0.14.3, offering developers a more robust and feature-rich solution for managing Git hooks. The core functionality of preventing bad commits and pushes remains, but the underlying architecture and developer experience have been substantially improved.
One key difference lies in the dependency list. Version 1.0.0 introduces a suite of new dependencies such as execa, slash, find-up, pkg-dir, read-pkg, run-node, get-stdin, and cosmiconfig. These additions indicate a more sophisticated approach to handling cross-platform compatibility, configuration, and execution of scripts within the Git hook environment. The use of cosmiconfig particularly suggests a move towards more flexible and customizable configuration options for developers.
Furthermore, the development dependencies in version 1.0.0 showcase a commitment to modern development practices with additions like Typescript and related tooling (tslint, @types/node, @types/jest). This not only improves the maintainability of the library but also potentially allows developers to contribute more easily. While version 0.14.3 was a simpler tool relying on strip-indent and normalize-path, the newer release leverages modern packages, broadening functionality but introducing additional dependencies. This shift suggests version 1.0.0 is designed for larger, more complex Javascript projects requiring stronger guarantees around code quality and automated processes, which is suitable for contemporary Javascript development workflows. Developers employing Husky will likely find it significantly more useful.
All the vulnerabilities related to the version 1.0.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
