Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@crystal-ball/semantic-release-base

Package Overview
Dependencies
Maintainers
4
Versions
53
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@crystal-ball/semantic-release-base

🔮 Projects - Semantic Release configs

2.40.0
latest
Source
npmnpm
Version published
Weekly downloads
212
109.9%
Maintainers
4
Weekly downloads
 
Created
Source

Crystal Ball Projects documentation

Package version NPM downloads Build status Known vulnerabilities Test coverage Maintainability :status      
Renovate Commitizen friendly ZenHub Semantic Release Contributor Covenant :integrations
Contains magic Full of love :flair       


Fully automated version management and package publishing for 🔮 packages


Package contains the shared base configs for automated release management with Semantic Release. Included configurations will:

  • Analyze commits using the ESLint commit standards to determine a semver version
  • Generate release notes for the release
  • Generate changelog updates for the release
  • Update the package.json version and publish to NPM
  • Push a release commit and tag
  • Add a comment to Github issues and PRs resolved in the release

Setup

1. Install

npm i -D @crystal-ball/semantic-release-base

2. Update package.json

{
  "release": {
    "extends": ["@crystal-ball/semantic-release-base"]
  }
}

CI/CD configuration

Releases should be configured to trigger on change to default branch in CI/CD. Configurations must be set as environment values including:

  • GH_TOKEN Github token
  • NPM_TOKEN NPM token

Configuring Github Actions

jobs:
  ci-cd:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Setup Node.js
        uses: actions/setup-node@v1
        with:
          node-version: '10'
      - name: Install
        run: npm install
        env:
          CI: true
      - name: Test
        run: npm test
      - name: Release
        if: success() && github.ref == 'refs/heads/main'
        run: npx semantic-release
        env:
          GH_TOKEN: ${{ secrets.SEMANTIC_GH_TOKEN }}
          NPM_TOKEN: ${{ secrets.SEMANTIC_NPM_TOKEN }}

Configuring Travis

deploy:
  provider: script
  skip_cleanup: true
  script:
    - npx semantic-release

Changelog generation

  • Commits with breaking changes will create a notes section

Included plugins

Keywords

crystal-ball
semantic-release

FAQs

Package last updated on 17 Sep 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases

Security News

Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases

This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.

By Sarah Gooding  -  Aug 28, 2025
Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Security News

/

Research

Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.

By Sarah Gooding, Olivia Brown, Peter van der Zee  -  Aug 27, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.