New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@bonvoy/plugin-ai

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@bonvoy/plugin-ai

🚢 AI-generated release notes summary for bonvoy changelogs

latest
Source
npmnpm
Version
0.12.0
Version published
Maintainers
1
Created
Source

@bonvoy/plugin-ai

AI-generated release notes summary for bonvoy changelogs. Prepends a human-readable summary above the conventional changelog.

Installation

npm install @bonvoy/plugin-ai

Usage

// bonvoy.config.js
export default {
  plugins: [
    ['@bonvoy/plugin-ai', { provider: 'openai' }]
  ]
};

Set the API key as an environment variable:

OPENAI_API_KEY=sk-...

Output

The plugin adds a blockquote summary after the version header:

## [0.9.0] - 2026-02-10

> Adds automatic rollback for failed releases and improves error messages.
> If a publish fails mid-way, bonvoy now undoes all completed steps automatically.

### ✨ Features
- add rollback & recovery for failed releases

### 🐛 Bug Fixes
- improve error messages for rollback status

The conventional changelog below remains unchanged.

Providers

Three providers are supported, each using native fetch with zero extra dependencies.

ProviderDefault ModelEnv Var
openaigpt-4o-miniOPENAI_API_KEY
anthropicclaude-sonnet-4-20250514ANTHROPIC_API_KEY
geminigemini-2.0-flashGEMINI_API_KEY
// Anthropic
['@bonvoy/plugin-ai', { provider: 'anthropic' }]

// Gemini
['@bonvoy/plugin-ai', { provider: 'gemini' }]

// Custom model
['@bonvoy/plugin-ai', { provider: 'openai', model: 'gpt-4o' }]

Configuration

OptionTypeRequiredDescription
provider'openai' | 'anthropic' | 'gemini'YesLLM provider
modelstringNoModel name (uses provider default)
apiKeystringNoAPI key (defaults to env var)
promptTemplatestringNoCustom prompt with {packageName}, {version}, {commitList} placeholders
maxTokensnumberNoMax response tokens (default: 200)

Behavior

  • Runs after the conventional changelog is generated (afterChangelog hook)
  • One LLM call per changed package
  • Skipped in --dry-run mode (no API cost)
  • On API failure: logs a warning, keeps the conventional changelog as-is

License

MIT

Keywords

bonvoy
plugin
ai
release-notes
changelog
openai

FAQs

Package last updated on 11 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026