New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@bonvoy/plugin-gitlab

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@bonvoy/plugin-gitlab

🚢 GitLab releases plugin for bonvoy

latest
Source
npmnpm
Version
0.12.0
Version published
Maintainers
1
Created
Source

@bonvoy/plugin-gitlab 🚢

GitLab releases and MR plugin for bonvoy

Creates GitLab releases with changelogs and manages release merge requests.

Installation

npm install @bonvoy/plugin-gitlab

Features

  • âś… Creates GitLab releases for each published package
  • âś… Creates release MRs for PR-based workflow
  • âś… Auto-detects project from package.json or git remote
  • âś… Includes changelog as release description
  • âś… Custom GitLab host support (self-hosted)
  • âś… Dry-run support

Configuration

// bonvoy.config.js
export default {
  gitlab: {
    token: process.env.GITLAB_TOKEN,       // default
    host: 'https://gitlab.com',            // default, or self-hosted URL
    projectId: 'my-group/my-project',      // optional, auto-detected
  },
};

Hooks

This plugin taps into the following hooks:

HookAction
makeReleaseCreates GitLab releases for published packages
createPRCreates a release MR with version bumps and changelog

Requirements

  • GITLAB_TOKEN environment variable with api scope
  • For self-hosted: GITLAB_HOST environment variable (optional)

Project Detection

The plugin auto-detects the project in this order:

  • Config option (projectId)
  • package.json repository field
  • Git remote URL

Supported URL formats:

  • https://gitlab.com/group/project
  • https://gitlab.com/group/subgroup/project
  • git@gitlab.com:group/project.git

Environment Variables

VariableDescription
GITLAB_TOKENGitLab personal access token
GITLAB_HOSTGitLab host URL (default: https://gitlab.com)

MR Workflow

When using bonvoy prepare, this plugin:

  • Creates an MR from the release branch to the base branch
  • Sets MR title and description with version bumps and changelog
  • Stores MR info in .bonvoy/release-pr.json for merge detection

Usage

To use GitLab instead of GitHub, disable the GitHub plugin:

// bonvoy.config.js
export default {
  plugins: [
    '@bonvoy/plugin-gitlab',
    // GitHub plugin is disabled when GitLab is explicitly added
  ],
};

License

MIT

Keywords

bonvoy
plugin
gitlab
release

FAQs

Package last updated on 11 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Research

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

By Socket Research Team  -  Mar 31, 2026