Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@lmc-eu/commitlint-config
Advanced tools
LMC's config for commitlint
@lmc-eu/commitlint-config
(default config)Suitable for all projects.
npm i --dev @commitlint/cli @lmc-eu/commitlint-config
Create a .commitlintrc.js file with the following contents:
'use strict';
module.exports = {
extends: ['@lmc-eu/commitlint-config'],
};
Install a git hook into .git/hooks/commit-msg with the following contents:
#!/bin/sh
# This utility's configuration resides in .commitlintrc.js file.
./node_modules/.bin/commitlint < "$1"
If your project uses make
you can use the following process to automatically install the git hooks upon each invocation of make
with no target.
# Place the above mentioned commit-msg file into your project root's utils/githooks directory and
# make it executable: chmod +x utils/githooks/commit-msg
# Git hooks to be installed into the project workspace
# This will look up all the files in utils/githooks and generate a list of targets
GITFILES := $(patsubst utils/githooks/%, .git/hooks/%, $(wildcard utils/githooks/*))
# The `githooks` dependency should be added to the first (default) target so that it will be
# executed when invoking make with no arguments
all: githooks
githooks: $(GITFILES)
# Default target for all possible git hooks
.git/hooks/%: utils/githooks/%
cp $< $@
Or if you use husky place a git hook into .huskyrc.json with the following content:
{
"hooks": {
"commit-msg": "commitlint -E HUSKY_GIT_PARAMS"
}
}
FAQs
LMC's configuration for commitlint
The npm package @lmc-eu/commitlint-config receives a total of 0 weekly downloads. As such, @lmc-eu/commitlint-config popularity was classified as not popular.
We found that @lmc-eu/commitlint-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.