Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@release-it-plugins/lerna-changelog
Advanced tools
This package is a release-it plugin
(using release-it
's plugin
API) that
integrates lerna-changelog into the
release-it
pipeline.
Installation using your projects normal package manager, for example:
# npm
npm install --save-dev @release-it-plugins/lerna-changelog
# yarn add --dev @release-it-plugins/lerna-changelog
Once installed, configure release-it
to use the plugin.
Either via package.json
:
{
"release-it": {
"plugins": {
"@release-it-plugins/lerna-changelog": {}
}
}
}
Or via .release-it.json
:
{
"plugins": {
"@release-it-plugins/lerna-changelog": {}
}
}
@release-it-plugins/lerna-changelog
supports one configuration option, infile
. When
specified, this option represents the file name to prepend changelog
information to during a release.
For example, given the following configuration (in package.json
):
{
"release-it": {
"plugins": {
"@release-it-plugins/lerna-changelog": {
"infile": "CHANGELOG.md",
"launchEditor": true
}
}
}
}
The two options that @release-it-plugins/lerna-changelog
is aware of are:
infile
infile
represents the file to prepend the generated changelog into.
launchEditor
When specified, @release-it-plugins/lerna-changelog
will generate the changelog
then launch the configured editor with a temporary file. This allows the person
doing the release to customize the changelog before continuing.
There are a few valid values for launchEditor
:
false
- Disables the feature.true
- If present the process.env.EDITOR
value will be used as the
command to invoke, if process.env.EDITOR
is not found process.env.PATH
will be searched for a command named editor
(which is commonly used on
Debian / Ubuntu systems to point to the currently configured editor). The
temporary file for editing is added as an argument (i.e.
$EDITOR /some/tmp/file
).${file}
in
your configuration.Each release will run lerna-changelog
and prepend the results into CHANGELOG.md
.
This project is licensed under the MIT License.
v5.0.0 (2022-07-20)
release-it
v15 (@bertdeblock)FAQs
release-it plugin for lerna-changelog
The npm package @release-it-plugins/lerna-changelog receives a total of 5,012 weekly downloads. As such, @release-it-plugins/lerna-changelog popularity was classified as popular.
We found that @release-it-plugins/lerna-changelog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.