New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@bonvoy/core

Package Overview
Dependencies
Maintainers
1
Versions
13
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@bonvoy/core

🚢 Core hook system for bonvoy release automation

latest
Source
npmnpm
Version
0.12.2
Version published
Maintainers
1
Created
Source

@bonvoy/core 🚢

Core hook system for bonvoy release automation

The heart of bonvoy - provides the plugin architecture, configuration system, and workspace detection for npm monorepos.

Features

  • 🔌 Plugin Architecture - Extensible hook system using tapable
  • 📦 Monorepo Support - npm workspaces detection and management
  • ⚙️ Configuration - Flexible config loading with cosmiconfig
  • 🛡️ Type Safety - Runtime validation with Zod
  • đź“‹ Schema Generation - JSON Schema for IDE autocompletion

Installation

npm install @bonvoy/core

Usage

Basic Plugin

import { Bonvoy, BonvoyPlugin } from '@bonvoy/core';

class MyPlugin implements BonvoyPlugin {
  name = 'my-plugin';

  apply(bonvoy: Bonvoy) {
    bonvoy.hooks.beforeShipIt.tap(this.name, (context) => {
      console.log('Starting release...');
    });
  }
}

const bonvoy = new Bonvoy();
bonvoy.use(new MyPlugin());

Configuration

import { loadConfig } from '@bonvoy/core';

const config = await loadConfig();
console.log(config.versioning); // 'independent' | 'fixed'

Workspace Detection

import { detectWorkspaces } from '@bonvoy/core';

const packages = await detectWorkspaces('/path/to/monorepo');
console.log(packages.map(p => p.name));

Hook System

Available hooks for plugins:

  • beforeShipIt - Before starting release process
  • validateRepo - Validate repository state
  • getVersion - Determine version bump for packages
  • version - Apply version changes
  • afterVersion - After version changes applied
  • beforeChangelog - Before generating changelog
  • generateChangelog - Generate changelog content
  • afterChangelog - After changelog generated
  • beforePublish - Before publishing packages
  • publish - Publish packages
  • afterPublish - After packages published
  • beforeRelease - Before creating releases
  • makeRelease - Create releases
  • afterRelease - After releases created

Configuration Schema

interface BonvoyConfig {
  versioning?: 'independent' | 'fixed';
  rootVersionStrategy?: 'max' | 'patch' | 'none';
  commitMessage?: string;
  tagFormat?: string;
  changelog?: {
    global?: boolean;
    sections?: Record<string, string>;
  };
  workflow?: 'direct' | 'pr';
  baseBranch?: string;
  plugins?: (string | [string, object])[];
}

License

MIT

Keywords

release
automation
hooks
plugin
monorepo

FAQs

Package last updated on 13 Mar 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Hidden Blast Radius of the Axios Compromise

Security News

The Hidden Blast Radius of the Axios Compromise

The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

By Ahmad Nassri  -  Apr 01, 2026