Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@commitlint/is-ignored
Advanced tools
The @commitlint/is-ignored npm package is designed to check if a given commit message should be ignored based on the rules defined in commitlint. This is particularly useful in automating the process of commit message validation, allowing developers to filter out commit messages that do not require validation according to the specified criteria.
Check if a commit message is ignored
This feature allows you to check if a specific commit message should be ignored based on the commitlint configuration. It's useful for integrating with tools that automate commit message validation, enabling you to skip certain types of commits, such as those starting with 'chore:', 'docs:', or any other patterns you define in your commitlint configuration.
const isIgnored = require('@commitlint/is-ignored').default;
const commitMessage = 'chore: update dependencies';
const shouldIgnore = isIgnored(commitMessage);
console.log(shouldIgnore); // Output: true or false depending on the rules
commitlint is a broader package that includes the functionality of @commitlint/is-ignored as part of its suite for linting commit messages. It provides a CLI and configurable rules for validating commit messages, whereas @commitlint/is-ignored focuses solely on determining if a commit message should be ignored.
conventional-changelog is a set of tools for parsing and generating changelogs from git metadata, based on the conventions used in commit messages. While it focuses more on changelog generation from commit messages, it shares the concept of analyzing commit messages, similar to what @commitlint/is-ignored does for determining if a commit should be ignored.
FAQs
Lint your commit messages
The npm package @commitlint/is-ignored receives a total of 2,962,232 weekly downloads. As such, @commitlint/is-ignored popularity was classified as popular.
We found that @commitlint/is-ignored demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.