@brightcove/kacl
Keep a Changelog tooling for linting and automatically releasing changelogs
npm i -D @brightcove/kacl
You can also install globally to easily initialize changelogs in your projects:
npm i -g @brightcove/kacl
If installed globally, you can run the kacl command. If not, you can run it from your project's node_modules folder: ./node_modules/.bin/kacl
Usage: kacl init|lint|prerelease|release
init - Initializes a new CHANGELOG.md
lint - Lints your changelog for errors
prerelease - Checks the requirements for creating a new release (should be added to the "preversion" script)
release - Creates a new release matching your package.json version (should be added to the "version" script)
kacl is most effective when added to package.json scripts, as it can be used to completely automate changelog changes when running npm version. The following is a recommendation for setting up package.json scripts to use kacl.
{
  "scripts": {
    "posttest": "kacl lint",
    "preversion": "kacl prerelease",
    "version": "kacl release && git add CHANGELOG.md"
  }
}
This setup does the following:
npm version to ensure there is an unreleased entry
npm version. The changelog changes will automatically be committed as part of npm version.
gh-release is a tool which will automatically create a tag and release on GitHub. It pairs nicely with kacl, and with both tools you can completely automate your version bumping. The following is a recommendation for setting up package.json scripts to use kacl with gh-release.
{
  "scripts": {
    "posttest": "kacl lint",
    "preversion": "kacl prerelease",
    "version": "kacl release && git add CHANGELOG.md",
    "postversion": "git push && gh-release"
  }
}
This performs the same steps as what's laid out in the Usage in package.json section, with the addition of the following:
None. The former lead maintainer, who has left Brightcove, is
Contributions are welcome; please see the contributing guidelines.
This project uses GitHub issues; please file issues and questions here.
This project uses the keep-a-changelog library from Oscar Otero for parsing and manipulating changelogs. It's an awesome library which you should definitely check out if you're interested in helping improve project changelogs.
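To make the "preversion" and "version" steps from the package.json setup concrete, the following added example (not kacl's or keep-a-changelog's code) models the unreleased-entry check and the release stamping. The function names, the Keep a Changelog heading layout and the choice to leave a fresh empty [Unreleased] section are assumptions, and the sample changelog is constructed.

```javascript
// Added example: a simplified model of the preversion/version steps, not kacl's code.
// Assumes Keep a Changelog headings: "## [Unreleased]" and "## [x.y.z] - YYYY-MM-DD".
const HEADING = /^##\s+\[([^\]]+)\](?:\s+-\s+(\S+))?\s*$/;

// Parse the changelog into sections: { name, date, line, entries }.
function parseSections(markdown) {
  const sections = [];
  markdown.split(/\r?\n/).forEach((text, line) => {
    const m = HEADING.exec(text);
    if (m) sections.push({ name: m[1], date: m[2] || null, line, entries: [] });
    else if (sections.length && /^\s*[-*]\s+\S/.test(text)) {
      sections[sections.length - 1].entries.push(text.trim());
    }
  });
  return sections;
}

// "preversion" gate: return the problems that should stop `npm version`.
function prereleaseProblems(markdown) {
  const unreleased = parseSections(markdown).find((s) => s.name.toLowerCase() === 'unreleased');
  if (!unreleased) return ['no [Unreleased] section'];
  return unreleased.entries.length ? [] : ['[Unreleased] section has no entries'];
}

// "version" step: stamp the Unreleased entries with the package.json version
// and leave a fresh, empty [Unreleased] section above them (assumed behaviour).
function release(markdown, version, isoDate) {
  const sections = parseSections(markdown);
  if (sections.some((s) => s.name === version)) {
    throw new Error(`version ${version} is already in the changelog`);
  }
  const problems = prereleaseProblems(markdown);
  if (problems.length) throw new Error(problems.join('; '));
  const lines = markdown.split(/\r?\n/);
  const at = sections.find((s) => s.name.toLowerCase() === 'unreleased').line;
  lines.splice(at, 1, '## [Unreleased]', '', `## [${version}] - ${isoDate}`);
  return lines.join('\n');
}

// Constructed sample changelog (not taken from the kacl repository).
const SAMPLE = [
  '# Changelog', '',
  '## [Unreleased]', '### Fixed', '- Handle empty input', '',
  '## [1.0.0] - 2020-01-01', '### Added', '- Initial release',
].join('\n');
```

Running the gate again on the output of release() reports an empty [Unreleased] section, which is what keeps a second version bump from going out without a new changelog entry.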
[0.1.11] - 2020-10-07
FAQs
Keep a Changelog tooling for automating changelog releases
The npm package @brightcove/kacl receives a total of 662 weekly downloads. As such, @brightcove/kacl popularity was classified as not popular.
We found that @brightcove/kacl demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 146 open source maintainers collaborating on the project.