Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
@metamask/auto-changelog
Advanced tools
Utilities for validating and updating "Keep a Changelog" formatted changelogs
Utilities for validating and updating "Keep a Changelog" formatted changelogs.
This package has a CLI (auto-changelog
), and an API.
yarn add --dev @metamask/auto-changelog
or
npm install --save-dev @metamask/auto-changelog
yarn run auto-changelog update
or
npm run auto-changelog update
yarn run auto-changelog update --rc
or
npm run auto-changelog update --rc
This option is designed to be used for packages that live in a monorepo.
For instance, if your package is called polling-controller
and was renamed to @metamask/polling-controller
at version 0.2.3, and thus the Git tags followed suit:
yarn run auto-changelog update --tag-prefix-before-package-rename "polling-controller@" --version-before-package-name 0.2.3 --tag-prefix "@metamask/polling-controller@"
or
npm run auto-changelog update --tag-prefix-before-package-rename "polling-controller@" --version-before-package-name 0.2.3 --tag-prefix "@metamask/polling-controller@"
yarn run auto-changelog validate
or
npm run auto-changelog validate
yarn run auto-changelog validate --rc
or
npm run auto-changelog validate --rc
This option is designed to be used for packages that live in a monorepo.
For instance, if your package is called @metamask/polling-controller
and thus all Git tags for this package are prefixed with @metamask/polling-controller@
:
yarn run auto-changelog validate --tag-prefix "@metamask/polling-controller@"
or
npm run auto-changelog validate --tag-prefix "@metamask/polling-controller@"
This option is designed to be used for packages that live in a monorepo.
For instance, if your package is called polling-controller
and was renamed to @metamask/polling-controller
at version 0.2.3, and thus the Git tags followed suit:
yarn run auto-changelog validate --tag-prefix-before-package-rename "polling-controller@" --version-before-package-name 0.2.3 --tag-prefix "@metamask/polling-controller@"
or
npm run auto-changelog validate --tag-prefix-before-package-rename "polling-controller@" --version-before-package-name 0.2.3 --tag-prefix "@metamask/polling-controller@"
Each supported command is a separate named export.
updateChangelog
This command updates the changelog.
import { promises as fs } from 'fs';
import { updateChangelog } from '@metamask/auto-changelog';
const oldChangelog = await fs.readFile('CHANGELOG.md', {
encoding: 'utf8',
});
const updatedChangelog = updateChangelog({
changelogContent: oldChangelog,
currentVersion: '1.0.0',
repoUrl: 'https://github.com/ExampleUsernameOrOrganization/ExampleRepository',
isReleaseCandidate: false,
});
await fs.writeFile('CHANGELOG.md', updatedChangelog);
validateChangelog
This command validates the changelog
import { promises as fs } from 'fs';
import { validateChangelog } from '@metamask/auto-changelog';
const oldChangelog = await fs.readFile('CHANGELOG.md', {
encoding: 'utf8',
});
try {
validateChangelog({
changelogContent: oldChangelog,
currentVersion: '1.0.0',
repoUrl:
'https://github.com/ExampleUsernameOrOrganization/ExampleRepository',
isReleaseCandidate: false,
});
// changelog is valid!
} catch (error) {
// changelog is invalid
}
nvm use
will automatically choose the right node version for you.yarn install
to install dependencies and run any required post-install scriptsRun yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
Choose a release version.
If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x
for a v1
backport release).
v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.Trigger the workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.
action-create-release-pr
workflow to create the release PR.Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.Review and QA the release.
Squash & Merge the release.
action-publish-release
workflow to tag the final release commit and publish the release on GitHub.Publish the release on npm.
publish-release
GitHub Action workflow to finish. This should trigger a second job (publish-npm
), which will wait for a run approval by the npm publishers
team.publish-npm
job (or ask somebody on the npm publishers team to approve it for you).publish-npm
job has finished, check npm to verify that it has been published.[3.4.4]
Retain tag history on update command for renamed packages with new options (#182)
FAQs
Utilities for validating and updating "Keep a Changelog" formatted changelogs
The npm package @metamask/auto-changelog receives a total of 2,844 weekly downloads. As such, @metamask/auto-changelog popularity was classified as popular.
We found that @metamask/auto-changelog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.