npx lint-staged

# If package-lock.json is staged, run security checks before allowing commit
if git diff --cached --name-only | grep -q "package-lock.json"; then
  echo "package-lock.json changed — running security checks..."
  npm audit --audit-level=high
  npx tsx scripts/check-package-age.mts --allow=follow-redirects@1.16.0,electron@42.0.0
  npm audit signatures || echo "Warning: signature verification failed (non-blocking)"
fi
