Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
@changesets/cli
Advanced tools
Organise your package versioning and publishing to make both contributors and maintainers happy
@changesets/cli is a tool for managing versioning and changelogs for monorepos and single-package repositories. It helps automate the process of creating and maintaining changelogs, versioning packages, and publishing them.
Initialize Changesets
This command initializes the changesets configuration in your repository. It sets up the necessary files and directories to start using changesets.
npx changeset init
Create a Changeset
This command guides you through creating a new changeset. It prompts you to select the packages you want to include in the changeset and specify the type of change (patch, minor, major).
npx changeset
Version Packages
This command reads the changesets and bumps the versions of the packages accordingly. It updates the package.json files and creates changelog entries.
npx changeset version
Publish Packages
This command publishes the packages to the npm registry. It uses the version information generated by the 'version' command.
npx changeset publish
Lerna is a tool for managing JavaScript projects with multiple packages. It optimizes the workflow around managing multi-package repositories with git and npm. Compared to @changesets/cli, Lerna offers more comprehensive monorepo management features, including bootstrapping, linking dependencies, and running scripts across packages.
semantic-release automates the versioning and package publishing process based on the commit messages. It ensures that the package is always released with the correct version and changelog. Unlike @changesets/cli, which requires manual creation of changesets, semantic-release relies on commit message conventions to determine the type of release.
standard-version is a tool for versioning and changelog generation based on conventional commits. It automates the process of version bumping, changelog generation, and git tagging. Similar to @changesets/cli, it helps maintain consistent versioning and changelogs, but it is more focused on single-package repositories.
The primary implementation of changesets. Helps you manage the versioning and changelog entries for your packages, with a focus on versioning within a mono-repository (though we support single-package repositories too).
This package is intended as a successor to @atlaskit/build-releases
with a more general focus. It works in
bolt multi-package repositories, [yarn workspaces] multi-package repositories, and
in single-package repositories.
If you are installing this in a monorepo run
yarn add @changesets/cli
yarn changeset init
otherwise run
yarn add --dev @changesets/cli
yarn changeset init
From here you are set up to use changesets. Add your first changeset by running
yarn changeset
and following the prompts that you are presented with.
Below you can find a basic workflow for maintainers to help them use changesets, which you can vary to meet your own needs.
The core concept that changesets
follows is that contributors to a repository should be able to declare an intent to release, and that multiple intents should be able to be combined sensibly. Sensibly here refers to if there is one intent to release button as a 'minor' and another to release button as a 'patch', only one release will be made, at the higher of the two versions.
A single changeset
is an intent to release stored as data, with the information we need to combine multiple changesets and coordinate releases. It will also update internal dependencies within a multi-package repository.
Contributor runs:
yarn changeset
or
npx changeset
and answers the provided questions.
When the maintainer wants to release packages, they should run
yarn changeset version
or
npx changeset version
and then
yarn changeset publish
or
npx changeset publish
The commands are explained further below.
changeset init
This command sets up the .changeset
folder. It generates a readme and a config file. The config file includes the default options, as well as comments on what these options represent. You should run this command once, when you are setting up changesets
.
changeset [--empty]
or
changeset add [--empty]
This command will ask you a series of questions, first about what packages you want to release, then what semver bump type for each package, then it will ask for a summary of the entire changeset. At the final step it will show the changeset it will generate, and confirm that you want to add it.
Once confirmed, the changeset will be write a Markdown file that contains the summary and YAML front matter which stores the packages that will be released and the semver bump types for them.
A changeset that major bumps @changesets/cli
would look like this:
---
"@changesets/cli": major
---
A description of the major changes.
If you want to modify this file after it's generated, that's completely fine or if you want to write changeset files yourself, that's also fine.
--empty
- allows you to create an empty changeset if no packages are being bumped, usually only required if you have CI that blocks merges without a changeset.A changeset created with the empty
flag would look like this:
---
---
If you set the commit
option in the config, the command will add the updated changeset files and then commit them.
changeset version
Updates the versions for all packages described in changesets since last release along with any dependents inside the repo that are out of range.
Will also create/append to a CHANGELOG file for each package using the summaries from the changesets.
We recommend making sure changes made from this commmand are merged back into master before you run publish
.
This command will read then delete changesets on disk, ensuring that they are only used once.
changeset publish [--otp={token}]
Publishes to NPM repo, and creates git tags. Because this command assumes that last commit is the release commit you should not commit any changes between calling version
and publish
. These commands are separate to enable you to check if release commit is acurate.
--otp={token}
- allows you to provide an npm one-time password if you have auth and writes enabled on npm. The CLI also prompts for the OTP if it's not provided with the --otp
option.NOTE: You will still need to push your changes back to master after this
git push --follow-tags
status [--verbose] [--output={filePath}] [--since={gitTag}]
The status command provides information about the changesets that currently exist. If there are no changesets present, it exits with an error status code.
--verbose
- use if you want to know the new versions, and get a link to the relevant changeset summary.
--output
- allows you to write the json object of the status out, for consumption by other tools, such as CI.
--since
- to only display information about changesets since a specific branch or git tag. While this can be
used to add a CI check for changesets, we recommend not doing this. We instead recommend using the changeset bot
to detect pull requests missing changesets, as not all pull requests need one.
pre [exit|enter {tag}]
The pre command enters and exits pre mode. The command does not do any actual versioning, when doing a prerelease, you should run changeset pre enter next
(or a different tag, the tag is what is in versions and is the npm dist tag) and then do the normal release process with changeset version
and changeset publish
. For more information about the pre command, see the prereleases documentation.
In almost all circumstances, internal packages will be bumped as a patch. The one exception is when the dependency is a peerDependency
, in which case the change will become a major.
FAQs
Organise your package versioning and publishing to make both contributors and maintainers happy
We found that @changesets/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.