Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@lerna/conventional-commits
Lerna's internal interface to conventional-changelog and friends
@lerna/conventional-commits is Lerna's internal wrapper around conventional-changelog, used by Lerna, a tool for managing JavaScript monorepos with multiple packages. When `lerna version --conventional-commits` runs, it reads the commit messages since the last release, interprets them according to the Conventional Commits specification, and uses them to pick the next version of each package and to write its changelog.
Automatic Versioning
Automatically bumps the version of each changed package based on the commit messages since its last release. For example, a commit message starting with 'feat:' triggers a minor version bump, 'fix:' triggers a patch version bump, and a commit carrying a 'BREAKING CHANGE:' footer triggers a major version bump:
lerna version --conventional-commits
Changelog Generation
Writes a CHANGELOG.md for each bumped package from the same commit messages, grouped by commit type (features, bug fixes, breaking changes), so every released version records what changed. The changelog preset controls that grouping and formatting; here the angular preset is selected:
lerna version --conventional-commits --changelog-preset angular
Commit Message Parsing
Reads commit messages that follow the Conventional Commits specification (type, optional scope, subject, and BREAKING CHANGE footers) to decide the bump and to populate the changelog. Commits that do not match the format are skipped rather than rejected, so this package does not enforce the convention; if you need validation, it has to come from a separate commit hook or linter. The --yes flag skips Lerna's confirmation prompts, which is what you want in CI:
lerna version --conventional-commits --yes
standard-version is a utility for versioning and changelog generation based on Conventional Commits. It is similar to @lerna/conventional-commits but is more focused on single-package repositories rather than monorepos.
semantic-release automates the versioning and package publishing process based on the commit messages. It offers more advanced features like automatic publishing to npm and GitHub, making it a more comprehensive solution compared to @lerna/conventional-commits.
commitizen helps you write commit messages that follow the Conventional Commits specification. While it doesn't handle versioning or changelog generation directly, it can be used in conjunction with tools like @lerna/conventional-commits to ensure commit message consistency.
You probably shouldn't, at least directly.
Install lerna for access to the lerna CLI.
FAQs
The npm package @lerna/conventional-commits receives a total of 329,043 weekly downloads and is therefore classified as popular.
We found that @lerna/conventional-commits shows an unhealthy release cadence and project activity, because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.