An ESLint plugin to ensure GitHub dependencies in package.json contain a commit hash.

To use this ESLint plugin, install it as a development dependency:

npm install eslint-plugin-github-commit-hash --save-dev

Add github-commit-hash to the plugins section of your ESLint configuration file (e.g., .eslintrc.js):

module.exports = {
 plugins: [
 'github-commit-hash',
 ],
 overrides: [
 {
 files: ['package.json'],
 parser: 'jsonc-eslint-parser',
 rules: {
 'github-commit-hash/check-git-commit-hash': 'error',
 },
 },
 ],
};

This configuration will enable the rule that checks for commit hashes in GitHub dependencies within your package.json file.

This rule checks that all GitHub dependencies in your package.json file include a commit hash.

{
 "dependencies": {
 "@example/test": "github:example/test#123456"
 }
}

{
 "devDependencies": {
 "@example/test": "github:example/test#abcd1234"
 }
}

{
 "dependencies": {
 "@example/test": "github:example/test"
 }
}

{
 "devDependencies": {
 "@example/test": "github:example/test"
 }
}

Clone the repository and install the dependencies:

git clone https://github.com/JustSamuel/eslint-plugin-github-commit-hash.git
cd eslint-plugin-github-commit-hash
npm install

Compile the TypeScript code:

npm run build

Run the tests to ensure your code works as expected:

npm run test

Contributions are welcome! Please feel free to submit a pull request or open an issue if you have any suggestions or improvements.

This plugin was developed using the excellent jsonc-eslint-parser package and with great inspiration from eslint-plugin-package-json. I would be delighted if this would one day find its way into eslint-plugin-package-json itself.