Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
changelog-keeper2
Advanced tools
Don’t let your friends dump git logs into changelogs. Generate a changelog from manually writen changes according to https://keepachangelog.com.
Don’t let your friends dump git logs into changelogs.
This tool helps you write changelogs that adhere to https://keepachangelog.com.
The main features are:
There are 2 main commands - add
and release
. Adding a changelog will generate a JSON file that contains all provided information per change. Releasing will compile all generated JSON files into markdown, insert them into CHANGELOG.md and TESTINGNOTES.md, then delete JSON files. After that, you can decide to commit the changes and/or adjust generated markdown files.
npm i changelog-keeper2
or
yarn add changelog-keeper2
To add a change, run changelog-keeper add
. It lets you create a change interactively or via flags and generates a JSON file with the information you provided. That file contains information for a single change and should be checked into the version control so that your Pull Requests always come along with the change files.
To release a new version, run changelog-keeper release
. After you specify a version you want to release, it generates markdown text for changelog and testing notes and inserts them into CHANGELOG.md and TESTINGNOTES.md files. After that, it removes the original JSON files it used.
By default, the root
directory is the directory you run the changelog-keeper from (current working directory). JSON files with changes are saved into {root}/.changelog-keeper
directory. The root directory is also expected to have {root}/TESTINGNOTES.md
and {root}/CHANGELOG.md
files, but you can configure all that by creating a .changelog-keeperrc.json
file in the root of your project.
{
"changesPath": "{pathToChangesDirectory}", // the directory where all change files will be saved
"changelogPath": "{changelogPath}", // path to CHANGELOG.md file, by default its `{root}/CHANGELOG.md`
"testingNotesPath": "{testingNotesPath}", // path to TESTINGNOTES.md file, by default its `{root}/TESTINGNOTES.md`
"changeTemplatePath": "{pathToTemplate}", // by default a built-in template is used, but you can provide your own
"unreleasedMarker": "## Unreleased", // text we replace with a new release in both changelog and testingnotes.
"tags": [] // Array of tags you want the user to apply when adding a change. Multiple tags can be selected and it is required to select at least one, once defined in this config.
}
You can use any external editor of your choice by defining the EDITOR
environment variable. The same variable is used by git
.
If you want to use vscode
, make sure to pass --wait
option.
When CLI asks you to edit text and you selected "External Editor" - it will open your editor and once you entered and saved the changes, you need to close the editor tab to proceed with the CLI input.
Please create an issue before submitting a PR to ensure maintainers agree upon the change, unless its a very minor change.
Make sure tests pass and your change is relflected by the new test (test has to fail without the source changes)
yarn test
- run the tests with jest
yarn test --watch
- run the tests and watch changes
Provide a changelog entry by running yarn changelog:add
with each PR.
Run yarn checks
for all static checks
FAQs
Don’t let your friends dump git logs into changelogs. Generate a changelog from manually writen changes according to https://keepachangelog.com.
We found that changelog-keeper2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.