Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@theo.gravity/version-bump
Advanced tools
Version bump package.json (or a version file) via various plugins (eg cli, git, etc).
Version bump package.json (or a file with a version
property) via various version bump plugins/strategies.
package.json
or any file with a version
property using semver rules.npm version
(git
support is a separate plugin)npm install -g @theo.gravity/version-bump
This package comes with the cli
version bump strategy included. You can use it via:
version-bump cli --bump <type>
Where <type>
is one of the following:
major
minor
patch
pre-major
pre-minor
pre-patch
pre-release
pre-*:<colon-sep-tags> (pre-release:alpha:rc)
build-release
build-release:<colon-sep-tags> (build-release:qa)
Default is patch level, unless pre/build exists.
If pre/build exists:
To use version-bump
, a strategy must be selected. You can see a list of options and strategies by
calling version-bump
without any options.
$ version-bump
Commands:
version-bump cli [bump] Performs a version bump based on the --bump flag
Options:
--version Show version number [boolean]
--projectRoot The project root where the version file is found. Default is process.cwd()
[default: "/Users/t.gravity/sixfive-cs/version-bump"]
--configFile Name of the optional config file, relative to projectRoot. [default: ".version-bump.js"]
--versionFile The relative path to the JSON version file from projectRoot that contains the "version" property.
[default: "package.json"]
--help Show help [boolean]
$ version-bump cli --help
Performs a version bump based on the --bump flag
Positionals:
bump Version type to bump.
Values can be:
* major
* minor
* patch
* pre-major
* pre-minor
* pre-patch
* pre-release
* pre-*:<colon-sep-tags> (pre-release:alpha:rc)
* build-release
* build-release:<colon-sep-tags> (build-release:qa)
Default is the lowest version possible.
Options:
--version Show version number [boolean]
--projectRoot The project root where the version file is found. Default is process.cwd()
[default: "/Users/t.gravity/sixfive-cs/version-bump"]
--configFile Name of the optional config file, relative to projectRoot. [default: ".version-bump.js"]
--versionFile The relative path to the JSON version file from projectRoot that contains the "version" property.
[default: "package.json"]
--help Show help [boolean]
To spare yourself from having to specify command line options each time, you can use a custom config file.
Place .version-bump.js
in the root of your project.
(The file name can be configured with the --configFile
option, which is relative to --projectRoot
.)
If detected, version-bump
will derive options from this file.
With the exception of projectRoot
, options defined on the command line will take
precedence.
// This is an optional configuration file
// you can use with changelog-version.
// If specified, any command line args has priority over the
// values returned in this file.
// All values are optional.
// Do not use the ES6 export default
// since the file is imported using require()
// See command line options for additional available properties
module.exports = {
// (required) Name of the strategy as found in the strategy list in the CLI
strategy: 'cli',
// (optional) Root of the project where the version file is found
// default is process.cwd()
projectRoot: () => {
return process.cwd()
},
/**
* (optional)
* This is called after the version has been incremented
* and before the version data is to be converted to a string and saved
* to the version file
* Use the opportunity to do any custom-work to the version data
* eg add a pre-release string, or build string
* @param {object} versionData
* @param {number} versionData.major
* @param {number} versionData.minor
* @param {number} versionData.patch
* @param {array|undefined} versionData.pre Ex: ['alpha', 1] becomes x.x.x-alpha.1
* @param {array|undefined} versionData.build Ex: ['qa', 1234] becomes x.x.x+qa.1234
* @returns {object}
*/
onBeforeRelease: (versionData) => {
versionData.pre = ['alpha', 1]
return versionData
},
// (optional) Version file starting from projectRoot
// default is package.json
versionFile: 'myVersionFile.json',
// Options specific to the strategy you are using
// root properties can be set to straight values, or (async) functions that return a value
// this corresponds to the --bump option
bump: () => {
return 'minor'
}
}
With the options above, if myVersionFile.json
contained the following:
{
version: '1.2.3'
}
The above configuration does the following:
cli
bump
parameter of the cli
strategy is set to minor
, so the minor version will bumpalpha.1
is added to the version stamp due to the onBeforeRelease
callbackThis results in:
{
version: '1.3.0-alpha.1'
}
Aside from the command line options, the config file offers additional properties:
async onBeforeRelease(versionData)
: versionDataThis is called after the version has been incremented, but before the final write of the version to the file.
You must return the original or updated versionData
.
You can find other strategies by searching for
version-bump-plugin
on npm.
Once you've found the strategy you want, you simply add it by installing it to your node modules directory.
npm install version-bump-plugin-git
You should be able to see the list of strategies by doing
version-bump
In the command line.
FAQs
Version bump package.json (or a version file) via various plugins (eg cli, git, etc).
The npm package @theo.gravity/version-bump receives a total of 511 weekly downloads. As such, @theo.gravity/version-bump popularity was classified as not popular.
We found that @theo.gravity/version-bump demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.