Skip to content

fix(hooks): pre-commit fell open when pnpm was missing from PATH#2753

Open
sturdy4days wants to merge 1 commit into
nanocoai:mainfrom
sturdy4days:fix/pre-commit-fail-closed
Open

fix(hooks): pre-commit fell open when pnpm was missing from PATH#2753
sturdy4days wants to merge 1 commit into
nanocoai:mainfrom
sturdy4days:fix/pre-commit-fail-closed

Conversation

@sturdy4days

@sturdy4days sturdy4days commented Jun 12, 2026

Copy link
Copy Markdown

Type of Change

  • Feature skill - adds a channel or integration (source code changes + SKILL.md)
  • Utility skill - adds a standalone tool (code files in .claude/skills/<name>/, no source changes)
  • Operational/container skill - adds a workflow or agent skill (SKILL.md only, no source changes)
  • Fix - bug fix or security fix to source code
  • Simplification - reduces or simplifies source code
  • Documentation - docs, README, or CONTRIBUTING changes only

Description

What: The pre-commit hook fails closed instead of open when pnpm can't run.

Why: The hook ran pnpm run format:fix and ignored its exit status. On a shell whose PATH lacks pnpm — common when pnpm is a corepack shim inside the Node prefix and the user commits from a plain login shell or GUI client — the hook printed pnpm: command not found and the commit proceeded anyway, with formatting silently skipped. A hook that fails open is worse than no hook: you believe the check ran. Observed live on a corepack-shim install (the formatter had been silently skipping for weeks of commits).

How it works: Resolve pnpm explicitly (command -v pnpm, falling back to corepack pnpm); if neither is available, or format:fix itself fails, block the commit with a clear message. Deliberate bypass stays available via git commit --no-verify.

How it was tested: All three branches exercised with controlled PATHs: pnpm present (runs directly), corepack only (runs via shim), neither (commit blocked with the message, exit 1). Also verified end-to-end on a real install where the old hook reproducibly fell open from a login shell.

🤖 Generated with Claude Code

@sturdy4days
fix(hooks): pre-commit fell open when pnpm was missing from PATH
3558885 
The hook ran `pnpm run format:fix` and ignored its exit status, so on a
shell whose PATH lacks pnpm (common when pnpm is a corepack shim inside
the Node prefix and the user commits from a plain login shell) the hook
printed "pnpm: command not found" and the commit proceeded with the
formatter silently skipped.

Resolve pnpm explicitly (corepack fallback) and fail closed: a missing or
failing formatter now blocks the commit with a clear message instead of
skipping. Deliberate bypass stays available via git commit --no-verify.
@github-actions github-actions Bot added follows-guidelines PR was created using the current contributing template PR: Fix Bug fix labels Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

follows-guidelines PR was created using the current contributing template PR: Fix Bug fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sturdy4days