Husky is a popular npm package that simplifies the use of Git hooks, enabling developers to automate tasks before committing, pushing, or merging code. Versions 1.1.1 and 1.1.2 share the same core functionality: preventing bad commits and pushes through pre-commit, pre-push, and post-merge hooks. Both versions rely on the same set of runtime dependencies to achieve this: execa, is-ci, slash, find-up, pkg-dir, read-pkg, run-node, get-stdin, cosmiconfig, and please-upgrade-node. This gives a stable foundation for managing Git hooks. The development dependencies are aligned as well, including tools for testing, linting and code formatting (jest, tslint, prettier) together with their corresponding type definitions, amongst others.
The key difference between the two versions lies in the bug fixes and internal adjustments made between releases. While the manifests do not explicitly describe which fixes were made, the change can be observed in the "dist" field, where unpackedSize increased from 33853 bytes in version 1.1.1 to 34021 bytes in version 1.1.2. That indicates that code changes were introduced in the new version. For developers, upgrading from 1.1.1 to 1.1.2 is recommended to benefit from these improvements and ensure a more reliable experience. Developers can use husky to improve code quality and automate workflows directly from their Git repository, which promotes consistency across teams by enforcing pre-defined rules.
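The comparison above (identical dependency sets, but a changed unpackedSize) is the kind of check a reviewer runs on adjacent releases of a dependency before upgrading. The following is an added example, not code from husky or from the original page: it diffs two npm manifests and flags the case where the tarball changed while the dependency set did not, which means the package contents themselves need review. The two manifests are constructed for this example; only the dependency names and the two unpackedSize values come from the text, and the version ranges are placeholders.

```javascript
// Added example: diff two npm package manifests (package.json / registry
// metadata) the way a reviewer compares adjacent releases of a dependency.
// The manifests are constructed; dependency names and dist.unpackedSize
// values come from the description above, version ranges are placeholders.

const DEPENDENCY_NAMES = [
  "execa", "is-ci", "slash", "find-up", "pkg-dir", "read-pkg",
  "run-node", "get-stdin", "cosmiconfig", "please-upgrade-node",
];

// Build a constructed manifest; "^0.0.0-placeholder" marks ranges we do not know.
function buildManifest(version, unpackedSize) {
  const dependencies = {};
  for (const name of DEPENDENCY_NAMES) dependencies[name] = "^0.0.0-placeholder";
  return {
    name: "husky",
    version,
    dependencies,
    devDependencies: { jest: "placeholder", tslint: "placeholder", prettier: "placeholder" },
    dist: { unpackedSize },
  };
}

const MANIFEST_1_1_1 = buildManifest("1.1.1", 33853);
const MANIFEST_1_1_2 = buildManifest("1.1.2", 34021);

// Compare two dependency maps and report what was added, removed or re-ranged.
function diffDependencyMaps(before, after) {
  const added = [], removed = [], changed = [];
  for (const name of Object.keys(after)) {
    if (!(name in before)) added.push(name);
    else if (before[name] !== after[name]) changed.push(name);
  }
  for (const name of Object.keys(before)) {
    if (!(name in after)) removed.push(name);
  }
  return { added, removed, changed };
}

// Summarise the differences between two adjacent releases.
function diffManifests(before, after) {
  const deps = diffDependencyMaps(before.dependencies || {}, after.dependencies || {});
  const devDeps = diffDependencyMaps(before.devDependencies || {}, after.devDependencies || {});
  const sizeDelta = (after.dist?.unpackedSize ?? 0) - (before.dist?.unpackedSize ?? 0);
  const depsUnchanged = [deps, devDeps].every(
    (d) => d.added.length + d.removed.length + d.changed.length === 0,
  );
  return {
    from: before.version,
    to: after.version,
    dependencies: deps,
    devDependencies: devDeps,
    unpackedSizeDelta: sizeDelta,
    // Code changed (size moved) while the dependency set stayed identical:
    // the tarball contents are what need review, not the lockfile.
    reviewTarball: depsUnchanged && sizeDelta !== 0,
  };
}

const REPORT = diffManifests(MANIFEST_1_1_1, MANIFEST_1_1_2);
console.log(JSON.stringify(REPORT, null, 2));
```

On the constructed input the report shows no dependency changes and an unpackedSize delta of 168 bytes, so reviewTarball is true. In practice the two manifests would come from the registry metadata for each version, and a true reviewTarball would be followed by a diff of the extracted tarballs rather than trusting the size change alone.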
All the vulnerabilities related to version 1.1.2 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, specially crafted string.
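cross-spawn is not among husky's direct dependencies listed above, so it reaches a project through the transitive tree, and the practical check is whether any installed copy (hoisted or nested) is older than the fixed version 7.0.5. The following added example, not code from husky, cross-spawn or the original page, scans an npm lockfile "packages" map for such copies. The lockfile is constructed for the example; nesting a copy under execa is an assumption about where it might sit, not data from the page.

```javascript
// Added example: scan an npm lockfile (lockfileVersion 2 or 3 "packages" map)
// for copies of cross-spawn older than 7.0.5, the fixed version named above.
// The lockfile below is constructed; placement under execa is an assumption.

const AFFECTED_PACKAGE = "cross-spawn";
const FIXED_VERSION = "7.0.5";

const LOCKFILE = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", version: "0.0.0" },
    "node_modules/husky": { version: "1.1.2" },
    "node_modules/execa": { version: "0.0.0-placeholder" },
    // Nested, still-vulnerable copy (constructed sample version).
    "node_modules/execa/node_modules/cross-spawn": { version: "6.0.5" },
    // Hoisted copy already at the fixed version.
    "node_modules/cross-spawn": { version: "7.0.5" },
  },
};

// Parse "major.minor.patch[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
// A prerelease sorts before the plain release (7.0.5-rc.1 < 7.0.5), as in semver.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (const k of ["major", "minor", "patch"]) {
    if (x[k] !== y[k]) return x[k] - y[k];
  }
  if (x.prerelease === y.prerelease) return 0;
  if (x.prerelease === null) return 1;
  if (y.prerelease === null) return -1;
  return x.prerelease < y.prerelease ? -1 : 1;
}

function isVulnerable(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Walk every entry of the "packages" map, including nested node_modules copies,
// and return the install paths that still carry an affected version.
function findVulnerableCrossSpawn(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Aliased installs carry an explicit name; otherwise derive it from the path.
    const name = entry.name || path.split("node_modules/").pop();
    if (name !== AFFECTED_PACKAGE || !entry.version) continue;
    if (isVulnerable(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

const SCAN_RESULT = findVulnerableCrossSpawn(LOCKFILE);
console.log(JSON.stringify(SCAN_RESULT, null, 2));
```

The scan reports only the nested copy under execa; the hoisted 7.0.5 copy passes. Checking every path rather than just the top-level node_modules entry matters because a nested, pinned copy keeps the vulnerable code in the tree even after the hoisted one is updated.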