Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
changelogen
Advanced tools
Generate Beautiful Changelogs using Conventional Commits
Generate a changelog in Markdown format and display in the console:
npx changelogen@latest
Generate a changelog, bump the version in package.json
and update CHANGELOG.md
(without commit):
npx changelogen@latest --bump
Bump the version, update CHANGELOG.md
and make a git commit and tag:
npx changelogen@latest --release
npx changelogen@latest [...args] [--dir <dir>]
Arguments:
--from
: Start commit reference. When not provided, latest git tag will be used as default.--to
: End commit reference. When not provided, latest commit in HEAD will be used as default.--dir
: Path to git repository. When not provided, current working directory will be used as as default.--clean
: Determine if the working directory is clean and if it is not clean, exit.--output
: Changelog file name to create or update. Defaults to CHANGELOG.md
and resolved relative to dir. Use --no-output
to write to console only.--bump
: Determine semver change and update version in package.json
.--release
. Bumps version in package.json
and creates commit and git tags using local git
. You can disable commit using --no-commit
and tag using --no-tag
. You can enable the automatic push of the new tag and release commit to your git repository by adding --push
.--publish
. Publishes package as a new version on npm
. You will need to set authorisation tokens separately via .npmrc
or environment variables.--publishTag
Use custom npm tag for publishing (Default is latest
)--nameSuffix
: Adds suffix to package name (Example: --nameSuffix canary
renames foo
to foo-canary
)--versionSuffix
: Adds suffix to package version. When set without value or to true
, uses date + commit hash as commit--canary
. Shortcut to --bump --versionSuffix
(--nameSuffix
will be also added if arg has a string value).-r
: Release as specific version.--major
: Bump as a semver-major version--minor
: Bump as a semver-minor version--patch
: Bump as a semver-patch version--premajor
: Bump as a semver-premajor version, can set id with string.--preminor
: Bump as a semver-preminor version, can set id with string.--prepatch
: Bump as a semver-prepatch version, can set id with string.--prerelease
: Bump as a semver-prerelease version, can set id with string.changelogen gh release
Changelogen has built-in functionality to sync with with Github releases.
In order to manually sync a release, you can use changelogen gh release
. It will parse current CHANGELOG.md
from current repository (local, then remote) and create or update releases.
Usage:
npx changelogen@latest gh release [all|versions...] [--dir] [--token]
To enable this integration, make sure there is a valid repository
field in package.json
or repo
is set in .changelogenrc
.
By default in unauthenticated mode, changelogen will open a browser link to make manual release. By providing github token, it can be automated.
.env
, use CHANGELOGEN_TOKENS_GITHUB
or GITHUB_TOKEN
or GH_TOKEN
--token <token>
tokens.github=<token>
inside ~/.changlogenrc
gh auth login
Configuration is loaded by unjs/c12 from cwd. You can use either changelog.config.json
, changelog.config.{ts,js,mjs,cjs}
, .changelogrc
or use the changelog
field in package.json
.
See ./src/config.ts for available options and defaults.
corepack enable
(use npm i -g corepack
for Node.js < 16.10)pnpm install
pnpm dev
Made with 💛
Published under MIT License.
v0.5.6
execa
with execSync
(#222)FAQs
Generate Beautiful Changelogs using Conventional Commits
The npm package changelogen receives a total of 26,638 weekly downloads. As such, changelogen popularity was classified as popular.
We found that changelogen demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.