Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
@ls-age/bump-version
Advanced tools
@ls-age/bump-version
Automated npm and GitHub releases based on commit messages. Follow the Angular commit message guideline,
bump-versiondoes the rest!
How it works
bump-version assues you have two release branches: master and beta. Each commit in these branches that is marked as a fix, feature or breaking change in it's commit message triggers a new release.
- Changes to
betatrigger prereleases, changes tomastertrigger regular releases. - A fix causes a patch version update (e.g.
1.2.3 -> 1.2.4), a features increments the minor (1.2.3 -> 1.3.0) and a breaking changes change the major version component (1.2.3 -> 2.0.0). - For each release, the changelog is updated to contain the latest changes.
- The new changelog is pushed to the git remote
- A new git tag is created for the release, with release-files (the contents of the
./out/directory by default) added. - A GitHub release is created with release notes from the git history
- A new npm release is created and published if the repository's
package.jsondoesn't contain"private": true.
Example commit messages
For further information take a look at the complete guideline in the angular respoitory.
fix(scope): Prevent an error: Triggers a patch releasefeat(scope): Something new added: Triggers a minor releasebreak(scope): Major API change: Triggers a major release
Installation
With nodejs installed run npm install --save-dev @ls-age/bump-version to add bump-version as a dependency.
Usage
In a CI environment (preferred)
- Create a new GitHub API Token (with write access to releases) the script should use.
- Make sure your CI environment is set up with push access to your repository.
- Log into npm with your user account (Using a token or username and password)
- As the last step in your build run the release command:
npx bump-version --gh-token <GITHUB API TOKEN>
Take a look at this respository's CircleCI configuration for a real-world usage example.
Options
For available options run npx bump-version --help.
FAQs
Automated npm and GitHub releases based on commit messages
We found that @ls-age/bump-version demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 29 Oct 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025