Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@commitlint/config-conventional
Advanced tools
Shareable commitlint config enforcing conventional commits
The @commitlint/config-conventional npm package is used to enforce conventional commit messages. This package provides a set of rules that follow the Conventional Commits specification, which standardizes commit messages to make them more readable and to facilitate automatic generation of changelogs.
Enforcing commit message structure
This code snippet is a configuration file that extends the rules from @commitlint/config-conventional. It is used to enforce a conventional commit message structure in your project.
module.exports = {extends: ['@commitlint/config-conventional']};
Linting commit messages
This command line example demonstrates how to lint a commit message using commitlint with the conventional configuration. It will check if the message follows the conventional commit format.
echo 'fix: correct minor typos in code' | npx commitlint
Integrating with commit hooks
This code snippet shows how to integrate commitlint with Husky's commit-msg hook to automatically lint each commit message before it is finalized.
husky add .husky/commit-msg 'npx --no-install commitlint --edit "$1"'
Similar to @commitlint/config-conventional, standard-version is a utility for versioning using semver and CHANGELOG generation powered by Conventional Commits. It differs in that it focuses on versioning and changelog generation rather than linting commit messages.
semantic-release automates the versioning and package publishing process based on semantic versioning and Conventional Commits, similar to @commitlint/config-conventional's adherence to the Conventional Commits specification. However, semantic-release encompasses the full release process, including determining the next version number, generating release notes, and publishing the package.
commitizen is a tool that prompts developers to follow the Conventional Commits format when creating commit messages. It is complementary to @commitlint/config-conventional, which lints commit messages, whereas commitizen helps in crafting them.
Lint your conventional commits
Shareable commitlint
config enforcing conventional commits.
Use with @commitlint/cli and @commitlint/prompt-cli.
npm install --save-dev @commitlint/config-conventional @commitlint/cli
echo "export default {extends: ['@commitlint/config-conventional']};" > commitlint.config.js
The following rules are considered problems for @commitlint/config-conventional
and will yield a non-zero exit code when not met.
Consult Rules reference for a list of available rules.
condition: type
is found in value
rule: always
level: error
value
[
'build',
'chore',
'ci',
'docs',
'feat',
'fix',
'perf',
'refactor',
'revert',
'style',
'test'
];
echo "foo: some message" # fails
echo "fix: some message" # passes
type
is in case value
always
error
'lowerCase'
echo "FIX: some message" # fails
echo "fix: some message" # passes
type
is emptynever
error
echo ": some message" # fails
echo "fix: some message" # passes
subject
is in one of the cases ['sentence-case', 'start-case', 'pascal-case', 'upper-case']
never
error
echo "fix(SCOPE): Some message" # fails
echo "fix(SCOPE): Some Message" # fails
echo "fix(SCOPE): SomeMessage" # fails
echo "fix(SCOPE): SOMEMESSAGE" # fails
echo "fix(scope): some message" # passes
echo "fix(scope): some Message" # passes
subject
is emptynever
error
echo "fix:" # fails
echo "fix: some message" # passes
subject
ends with value
never
error
'.'
echo "fix: some message." # fails
echo "fix: some message" # passes
header
has value
or less charactersalways
error
100
echo "fix: some message that is way too long and breaks the line max-length by several characters" # fails
echo "fix: some message" # passes
footer
should have a leading blank linealways
warning
echo "fix: some message
BREAKING CHANGE: It will be significant" # warning
echo "fix: some message
BREAKING CHANGE: It will be significant" # passes
footer
each line has value
or less charactersalways
error
100
echo "fix: some message
BREAKING CHANGE: footer with multiple lines
has a message that is way too long and will break the line rule 'line-max-length' by several characters" # fails
echo "fix: some message
BREAKING CHANGE: footer with multiple lines
but still no line is too long" # passes
body
should have a leading blank linealways
warning
echo "fix: some message
body" # warning
echo "fix: some message
body" # passes
body
each line has value
or less charactersalways
error
100
echo "fix: some message
body with multiple lines
has a message that is way too long and will break the line rule 'line-max-length' by several characters" # fails
echo "fix: some message
body with multiple lines
but still no line is too long" # passes
FAQs
Shareable commitlint config enforcing conventional commits
The npm package @commitlint/config-conventional receives a total of 2,747,320 weekly downloads. As such, @commitlint/config-conventional popularity was classified as popular.
We found that @commitlint/config-conventional demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.