Create dedicated check scripts for lockfile accuracy.

There isn't a corresponding fix script for this as the lockfiles are rebuilt every time you run a command that resolves dependencies, in either `cargo` or `npm`. Furthermore, `cargo build` (and anything else that runs `build.rs`) will implicitly run `npm install` and update `package-lock.json` in the process.

This was originally part of [another proposal][pr-6]. I've broken it out to make the intent clearer, and to make the proposal easier to get a handle on in isolation from other, related changes. Thanks to @wlonk for their input on this!

[pr-6]: https://codeberg.org/ojacobson/pilcrow/pulls/6

Merges prop/lockfile-checks into main.

2 files changed, 12 insertions, 4 deletions

diff --git a/git-hooks/pre-commit b/git-hooks/pre-commit
index ea34684..3ec2289 100755
--- a/git-hooks/pre-commit
+++ b/git-hooks/pre-commit
@@ -3,13 +3,10 @@
 # Don't put anything here that routinely takes longer than a second or so to
 # run. It gets old fast. That's why this doesn't run tests, for example.
 
+tools/check-lockfiles
 tools/check-format
 tools/check-lint
 
-# Make sure package-lock.json is up to date with package.json
-npm ci --dry-run
-# Make sure Cargo.lock is up to date with Cargo.toml.
-cargo update --locked --workspace
 # Make sure the prepared statement data in .sqlx is up to date. Requires
 # `cargo-sqlx` (`cargo install cargo-sqlx`).
 export DATABASE_URL=sqlite://pilcrow.db.pre-commit?mode=rwc
diff --git a/tools/check-lockfiles b/tools/check-lockfiles
new file mode 100755
index 0000000..5e27fa7
--- /dev/null
+++ b/tools/check-lockfiles
@@ -0,0 +1,11 @@
+#!/bin/bash -e
+
+## tools/check-lockfiles
+##
+## Verifies that the various dependency lockfiles used in this project match
+## the dependencies configured.
+
+cd "$(dirname "$0")/.."
+
+npm ci --dry-run
+cargo update --locked --workspace