Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



A CLI tool that automates the process of backporting commits

Version published
Weekly downloads
decreased by-48.32%
Weekly downloads



A CLI tool that automates the process of backporting commits.

🎉 New: The Backport Tool as a Github Action 🎉

A Github Action around The Backport Tool now exists. It makes it a breeze to get automatic backports when pull requests are merged.

Backport CLI tool

The remaining documentation focuses on the Backport CLI tool (not the Github Action) although all configuration options apply to the Github Action too. The only difference is that the CLI tool is interactive and run manually locally, where the Github Action runs automatically.

How it works

  1. Select a commit to backport
  2. Select a branch to backport to
  3. The commit will be cherrypicked, pushed and a pull request created.



  • Node 16 or higher
  • git


npm install -g backport

After installation you should add an access token to the global config in ~/.backport/config.json. See the documentation for how the access token is generated.

Quick start

npm install backport

Add a project config to the root of your repository:

// .backportrc.json
  // Required
  "repoOwner": "elastic",
  "repoName": "kibana",

  // the branches available to backport to
  "targetBranchChoices": ["main", "6.3", "6.2", "6.1", "6.0"],

  // Optional: automatically merge backport PR
  "autoMerge": true,
  "autoMergeMethod": "squash",

  // Optional: Automatically detect which branches a pull request should be backported to based on the pull request labels.
  // In this case, adding the label "auto-backport-to-production" will backport the PR to the "production" branch
  "branchLabelMapping": {
    "^auto-backport-to-(.+)$": "$1"

Add personal access token to global config:

// ~/.backport/config.json
  "accessToken": "ghp_very_secret"


npx backport

This will start an interactive prompt. You can use your keyboards arrow keys to choose options, <space> to select checkboxes and <enter> to proceed.


What is backporting?

Backporting is the action of taking parts from a newer version of a software system [..] and porting them to an older version of the same software. It forms part of the maintenance step in a software development process, and it is commonly used for fixing security issues in older versions of the software and also for providing new features to older versions.


Who is this tool for?

This tools is for anybody who is working on a codebase where they have to maintain multiple versions. If you manually cherry-pick commits from master and apply them to one or more branches, this tool might save you a lot of time.

backport is a CLI tool that will let you backport commit(s) interactively and then cherry-pick and create pull requests automatically. backport will perform all git operations in a temporary folder (~/.backport/repositories/) separate from your working directory, thereby never interfering with any unstages changes your might have.


  • interactively backport one or more commits to one or more branches with an intuitive UI
  • ability to see which commits have been backported and to which branches
  • ability to customize the title, description and labels of the created backport PRs
  • all git operations are handled in a separate directory to not interfere with unstaged files
  • Conflicts are handled gracefully, and hints are provided to help the user understand the source of the conflict
  • backport a commit by specifying a PR: backport --pr 1337
  • list and backport commits by a particular user: backport --author john
  • list and backport commits by a particular path: backport --path src/plugins/chatbot
  • list PRs filtered by a query: backport --pr-filter label:backport-v2 (will list commits from PRs with the label "backport-v2")
  • forward port commits: backport --source-branch 7.x --branch master (will forwardport from 7.x to master)
  • backport merge commits: backport --mainline





Last updated on 07 May 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc