@appliedblockchain/changelog - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

bin/changelog.js

 #! /usr/bin/env node
 
+const { resolve } = require('path')
+const { existsSync } = require('fs')
 const { execSync } = require('child_process')
@@ -8,10 +10,15 @@
 const sh = cmd => execSync(cmd, { encoding: 'utf8' }).trim()
-const linesOf = cmd => sh(cmd).split('\n').map(_1 => _1.trim()).filter(Boolean)
 const tagsOf = () => linesOf('git tag --sort=-creatordate').filter(isSemver)
 const dateOf = tag => sh(`git log -1 --format=%ai ${tag} | awk '{ print $1 }'`)
-const logsOf = (tag1, tag2) => linesOf(`git log ${tag1}...${tag2} --pretty=format:'%s'`).filter(Boolean)
 const withDot = $1 => $1.endsWith('.') ? $1 : `${$1}.`
 const withCapital = $1 => $1.charAt(0).toUpperCase() + $1.slice(1)
 const sentenceOf = $1 => withDot(withCapital($1))
+const linesOf = cmd => sh(cmd).split('\n').map(_1 => _1.trim()).filter(Boolean)
+const logsOf = (tag1, tag2) => linesOf(`git log ${tag1}...${tag2} --pretty=format:'%s'`).filter(Boolean)
 
+const pluginPath = resolve('./.changelog.js')
+const plugin = existsSync(pluginPath) ?
+  require(pluginPath) :
+  { transform: _ => _ }
+
 const isValuableLog = log => {
@@ -48,4 +55,4 @@ if (typeof log !== 'string') {
   for (const log of logs) {
-    puts(`* ${sentenceOf(log)}`)
+    puts(`* ${plugin.transform(sentenceOf(log))}`)
   }
 }

Changelog.md

 # Changelog
 
+## [v1.2.0](../../compare/v1.1.0...v1.2.0) (2020-03-05)
+
+* Adding support for custom, per-project "plugin".
+* Disabling package lock.
+
+## [v1.1.0](../../compare/v1.0.4...v1.1.0) (2018-08-16)
+
+* Docs: Add repo to package.json.
+* Feat: Use package as bin/cli directly.
+* Updating changelog.
+
 ## [v1.0.4](../../compare/v1.0.3...v1.0.4) (2018-08-08)
@@ -4,0 +15,0 @@

package.json

 {
   "name": "@appliedblockchain/changelog",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "npx @appliedblockchain/changelog > Changelog.md",
@@ -5,0 +5,0 @@ "main": "changelog",

New alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2948

increased by21.22%

Lines of code

49

increased by13.95%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Number of low supply chain risk alerts

3

increased by200%

No dependency changes