Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

commit-and-tag-version

Package Overview
Dependencies
Maintainers
0
Versions
23
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

commit-and-tag-version

replacement for `npm version` with automatic CHANGELOG generation

  • 12.4.2
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
44K
decreased by-61.1%
Maintainers
0
Weekly downloads
 
Created
Source

Commit and Tag Version

commit-and-tag-version is a fork of standard-version. Because of maintainer availability, standard-version was deprecated on 15th May 2022. The previous maintainer recommends release-please as an alternative for those who are using GitHub actions. This fork exists for those who can't switch to release-please, or who would like to continue using standard-version.

Can I simply swap the library to migrate? To migrate, you can drop in commit-and-tag-version in place of standard-version. There are no changes in 9.5.0, other than to add the package.json config key commit-and-tag-version (the previous configuration key standard-version will still work). 10.x drops support for deprecated node versions, 11.x is a formatting change if you're relying on the exact markdown format in the changelog, and 12.x drops support for node 14/16.

Why was it renamed commit-and-tag-version?. I didn't want to scope the package or name it standard-version-fork, and it was a good opportunity to make the purpose of the tool clearer. I also wanted to distinguish it from the other tool in this organisation, absolute-version, which just prints version information for pre-releases.

A utility for versioning using semver and CHANGELOG generation powered by Conventional Commits.

ci NPM version codecov Conventional Commits Community slack

Having problems? Want to contribute? Join us on the node-tooling community Slack.

How It Works

  1. Follow the Conventional Commits Specification in your repository.
  2. When you're ready to release, run commit-and-tag-version.

commit-and-tag-version will then do the following:

  1. Retrieve the current version of your repository by looking at packageFiles[1], falling back to the last git tag.
  2. bump the version in bumpFiles[1] based on your commits.
  3. Generates a changelog based on your commits (uses conventional-changelog under the hood).
  4. Creates a new commit including your bumpFiles[1] and updated CHANGELOG.
  5. Creates a new tag with the new version number.

bumpFiles, packageFiles and updaters

commit-and-tag-version uses a few key concepts for handling version bumping in your project.

  • packageFiles – User-defined files where versions can be read from and be "bumped".
    • Examples: package.json, manifest.json
    • In most cases (including the default), packageFiles are a subset of bumpFiles.
  • bumpFiles – User-defined files where versions should be "bumped", but not explicitly read from.
    • Examples: package-lock.json, npm-shrinkwrap.json
  • updaters – Simple modules used for reading packageFiles and writing to bumpFiles.

By default, commit-and-tag-version assumes you're working in a NodeJS based project... because of this, for the majority of projects you might never need to interact with these options.

That said, if you find your self asking How can I use commit-and-tag-version for additional metadata files, languages or version files? – these configuration options will help!

Maven Support (Java/Kotlin)

If you are using Maven, then just point to your pom.xml file.

commit-and-tag-version --packageFiles pom.xml --bumpFiles pom.xml

Gradle Support (Java/Kotlin)

If you are using Gradle, then just point to your build.gradle file (or build.gradle.kts if using Kotlin DSL).

commit-and-tag-version --packageFiles build.gradle --bumpFiles build.gradle

.NET Support

If you are using .NET with .csproj files. This is going to read and update only the <Version> tag in the file.

commit-and-tag-version --packageFiles <YOUR-PROJECT-NAME>.csproj --bumpFiles <YOUR-PROJECT-NAME>.csproj

YAML Support

If you are using YAML files. This is going to read and update only the version: tag in the file.

commit-and-tag-version --packageFiles file.yaml --bumpFiles file.yaml

OpenAPI Support

If you are using OpenAPI, then just point to your openapi.yaml file.

commit-and-tag-version --packageFiles openapi.yaml --bumpFiles openapi.yaml

Installing commit-and-tag-version

As a local npm run script

Install and add to devDependencies:

npm i --save-dev commit-and-tag-version

Add an npm run script to your package.json:

{
  "scripts": {
    "release": "commit-and-tag-version"
  }
}

Now you can use npm run release in place of npm version.

This has the benefit of making your repo/package more portable, so that other developers can cut releases without having to globally install commit-and-tag-version on their machine.

As global bin

Install globally (add to your PATH):

npm i -g commit-and-tag-version

Now you can use commit-and-tag-version in place of npm version.

This has the benefit of allowing you to use commit-and-tag-version on any repo/package without adding a dev dependency to each one.

Using npx

As of npm@5.2.0, npx is installed alongside npm. Using npx you can use commit-and-tag-version without having to keep a package.json file by running: npx commit-and-tag-version.

This method is especially useful when using commit-and-tag-version in non-JavaScript projects.

Configuration

You can configure commit-and-tag-version either by:

  1. Placing a commit-and-tag-version stanza in your package.json (assuming your project is JavaScript).

    Note for users who have migrated to commit-and-tag-version from standard-version: the previous package.json configuration key of standard-version will still work.

  2. Creating a .versionrc, .versionrc.json or .versionrc.js.

  • If you are using a .versionrc.js your default export must be a configuration object, or a function returning a configuration object.

Any of the command line parameters accepted by commit-and-tag-version can instead be provided via configuration. Please refer to the conventional-changelog-config-spec for details on available configuration options.

Customizing CHANGELOG Generation

By default, commit-and-tag-version uses the conventionalcommits preset.

This preset adheres closely to the conventionalcommits.org specification.

Suppose you're using GitLab, rather than GitHub, you might modify the following variables:

  • commitUrlFormat: the URL format of commit SHAs detected in commit messages.
  • compareUrlFormat: the URL format used to compare two tags.
  • issueUrlFormat: the URL format used to link to issues.

Making these URLs match GitLab's format, rather than GitHub's.

Deeper customization

You can override both parser and writer options (they will be merged into the preset we just mentioned). As an example, to list commits in the order that they were committed:

{
  "commit-and-tag-version": {
    "writerOpts": {
      "commitsSort": false
    }
  }
}

CLI Usage

NOTE: To pass nested configurations to the CLI without defining them in the package.json use dot notation as the parameters e.g. --skip.changelog.

First Release

To generate your changelog for your first release, simply do:

# npm run script
npm run release -- --first-release
# global bin
commit-and-tag-version --first-release
# npx
npx commit-and-tag-version --first-release

This will tag a release without bumping the version bumpFiles1.

When you are ready, push the git tag and npm publish your first release. \o/

Cutting Releases

If you typically use npm version to cut a new release, do this instead:

# npm run script
npm run release
# or global bin
commit-and-tag-version

As long as your git commit messages are conventional and accurate, you no longer need to specify the semver type - and you get CHANGELOG generation for free! \o/

After you cut a release, you can push the new git tag and npm publish (or npm publish --tag next) when you're ready.

Release as a Pre-Release

Use the flag --prerelease to generate pre-releases:

Suppose the last version of your code is 1.0.0, and your code to be committed has patched changes. Run:

# npm run script
npm run release -- --prerelease

This will tag your version as: 1.0.1-0.

If you want to name the pre-release, you specify the name via --prerelease <name>.

For example, suppose your pre-release should contain the alpha prefix:

# npm run script
npm run release -- --prerelease alpha

This will tag the version as: 1.0.1-alpha.0

Release as a Target Type Imperatively (npm version-like)

To forgo the automated version bump use --release-as with the argument major, minor or patch.

Suppose the last version of your code is 1.0.0, you've only landed fix: commits, but you would like your next release to be a minor. Simply run the following:

# npm run script
npm run release -- --release-as minor
# Or
npm run release -- --release-as 1.1.0

You will get version 1.1.0 rather than what would be the auto-generated version 1.0.1.

NOTE: you can combine --release-as and --prerelease to generate a release. This is useful when publishing experimental feature(s).

Prevent Git Hooks

If you use git hooks, like pre-commit, to test your code before committing, you can prevent hooks from being verified during the commit step by passing the --no-verify option:

# npm run script
npm run release -- --no-verify
# or global bin
commit-and-tag-version --no-verify

Signing Commits and Tags

If you have your GPG key set up, add the --sign or -s flag to your commit-and-tag-version command.

Signed-off-by trailer

To add the "Signed-off-by" trailer to the commit message add the --signoff flag to your commit-and-tag-version command.

Lifecycle Scripts

commit-and-tag-version supports lifecycle scripts. These allow you to execute your own supplementary commands during the release. The following hooks are available and execute in the order documented:

  • prerelease: executed before anything happens. If the prerelease script returns a non-zero exit code, versioning will be aborted, but it has no other effect on the process.
  • prebump/postbump: executed before and after the version is bumped. If the prebump script returns a version #, it will be used rather than the version calculated by commit-and-tag-version.
  • prechangelog/postchangelog: executes before and after the CHANGELOG is generated.
  • precommit/postcommit: called before and after the commit step.
  • pretag/posttag: called before and after the tagging step.

Simply add the following to your package.json to configure lifecycle scripts:

{
  "commit-and-tag-version": {
    "scripts": {
      "prebump": "echo 9.9.9"
    }
  }
}

As an example to change from using GitHub to track your items to using your projects Jira use a postchangelog script to replace the url fragment containing 'https://github.com/`myproject`/issues/' with a link to your Jira - assuming you have already installed replace

{
  "commit-and-tag-version": {
    "scripts": {
      "postchangelog": "replace 'https://github.com/myproject/issues/' 'https://myjira/browse/' CHANGELOG.md"
    }
  }
}

Skipping Lifecycle Steps

You can skip any of the lifecycle steps (bump, changelog, commit, tag), by adding the following to your package.json:

{
  "commit-and-tag-version": {
    "skip": {
      "changelog": true
    }
  }
}

Committing Generated Artifacts in the Release Commit

If you want to commit generated artifacts in the release commit, you can use the --commit-all or -a flag. You will need to stage the artifacts you want to commit, so your release command could look like this:

{
  "commit-and-tag-version": {
    "scripts": {
      "prerelease": "webpack -p --bail && git add <file(s) to commit>"
    }
  }
}
{
  "scripts": {
    "release": "commit-and-tag-version -a"
  }
}

Dry Run Mode

running commit-and-tag-version with the flag --dry-run allows you to see what commands would be run, without committing to git or updating files.

# npm run script
npm run release -- --dry-run
# or global bin
commit-and-tag-version --dry-run

Prefix Tags

Tags are prefixed with v by default. If you would like to prefix your tags with something else, you can do so with the -t flag.

commit-and-tag-version -t @scope/package\@

This will prefix your tags to look something like @scope/package@2.0.0

If you do not want to have any tag prefix you can use the -t flag and provide it with an empty string as value.

Note: simply -t or --tag-prefix without any value will fallback to the default 'v'

Tag replacement

If you've already run commit-and-tag-version when creating your release, you may want to alter the release content and changelog without bumping the version, by using commit-and-tag-version --skip.bump. By default, tagging with an already existing tag make git fails. You can add the --tag-force flag to make use of -f option when calling git tag, then the existing version tag will be replaced.

Generate changelogs for old releases

Normally only the changelog for the last release will be generated and prepended to the changelog.md. If you want to generate changelogs for previous releases you can do so by setting the releaseCount option like described here.

When setting releaseCount=0 the whole changelog gets regenerated and replaced.

You can set the option either in the.versionrc file or inside package.json like below

//.versionrc
{
  "releaseCount": 0
}

//package.json

"commit-and-tag-version": {
  "releaseCount": 0
}

CLI Help

# npm run script
npm run release -- --help
# or global bin
commit-and-tag-version --help

Code Usage

const commitAndTagVersion = require("commit-and-tag-version");

// Options are the same as command line, except camelCase
// commitAndTagVersion returns a Promise
commitAndTagVersion({
  noVerify: true,
  infile: "docs/CHANGELOG.md",
  silent: true,
})
  .then(() => {
    // commit-and-tag-version is done
  })
  .catch((err) => {
    console.error(`commit-and-tag-version failed with message: ${err.message}`);
  });

TIP: Use the silent option to prevent commit-and-tag-version from printing to the console.

FAQ

How is commit-and-tag-version different from semantic-release?

semantic-release is described as:

semantic-release automates the whole package release workflow including: determining the next version number, generating the release notes and publishing the package.

While both are based on the same foundation of structured commit messages, commit-and-tag-version takes a different approach by handling versioning, changelog generation, and git tagging for you without automatic pushing (to GitHub) or publishing (to an npm registry). Use of commit-and-tag-version only affects your local git repo - it doesn't affect remote resources at all. After you run commit-and-tag-version, you can review your release state, correct mistakes and follow the release strategy that makes the most sense for your codebase.

We think they are both fantastic tools, and we encourage folks to use semantic-release instead of commit-and-tag-version if it makes sense for their use-case.

Should I always squash commits when merging PRs?

The instructions to squash commits when merging pull requests assumes that one PR equals, at most, one feature or fix.

If you have multiple features or fixes landing in a single PR and each commit uses a structured message, then you can do a standard merge when accepting the PR. This will preserve the commit history from your branch after the merge.

Although this will allow each commit to be included as separate entries in your CHANGELOG, the entries will not be able to reference the PR that pulled the changes in because the preserved commit messages do not include the PR number.

For this reason, we recommend keeping the scope of each PR to one general feature or fix. In practice, this allows you to use unstructured commit messages when committing each little change and then squash them into a single commit with a structured message (referencing the PR number) once they have been reviewed and accepted.

Can I use commit-and-tag-version for additional metadata files, languages or version files?

You can configure multiple bumpFiles and packageFiles:

  1. Specify a custom bumpFile "filename", this is the path to the file you want to "bump"
  2. Specify the bumpFile "updater", this is how the file will be bumped. a. If you're using a common type, you can use one of commit-and-tag-version's built-in updaters by specifying a type. b. If your using an less-common version file, you can create your own updater.
// .versionrc
{
  "bumpFiles": [
    {
      "filename": "MY_VERSION_TRACKER.txt",
      // The `plain-text` updater assumes the file contents represents the version.
      "type": "plain-text"
    },
    {
      "filename": "a/deep/package/dot/json/file/package.json",
      // The `json` updater assumes the version is available under a `version` key in the provided JSON document.
      "type": "json"
    },
    {
      "filename": "VERSION_TRACKER.json",
      //  See "Custom `updater`s" for more details.
      "updater": "commit-and-tag-version-updater.js"
    }
  ]
}

If using .versionrc.js as your configuration file, the updater may also be set as an object, rather than a path:

// .versionrc.js
const tracker = {
  filename: "VERSION_TRACKER.json",
  updater: require("./path/to/custom-version-updater"),
};

module.exports = {
  bumpFiles: [tracker],
  packageFiles: [tracker],
};
Custom updaters

An updater is expected to be a Javascript module with atleast two methods exposed: readVersion and writeVersion.

readVersion(contents = string): string

This method is used to read the version from the provided file contents.

The return value is expected to be a semantic version string.

writeVersion(contents = string, version: string): string

This method is used to write the version to the provided contents.

The return value will be written directly (overwrite) to the provided file.


Let's assume our VERSION_TRACKER.json has the following contents:

{
  "tracker": {
    "package": {
      "version": "1.0.0"
    }
  }
}

An acceptable commit-and-tag-version-updater.js would be:

// commit-and-tag-version-updater.js
const stringifyPackage = require("stringify-package");
const detectIndent = require("detect-indent");
const detectNewline = require("detect-newline");

module.exports.readVersion = function (contents) {
  return JSON.parse(contents).tracker.package.version;
};

module.exports.writeVersion = function (contents, version) {
  const json = JSON.parse(contents);
  let indent = detectIndent(contents).indent;
  let newline = detectNewline(contents);
  json.tracker.package.version = version;
  return stringifyPackage(json, indent, newline);
};

Why do breaking changes before 1.0.0 not trigger a 1.0.0 release?

Below 1.0.0, the semver specification doesn't give any guarantees about the meaning of version numbers. However, with npm there is a community convention, and implementation-defined behaviour: If your version is between 0.1.0 and 1.0.0, npm treats an update to the minor version as a breaking change - that is ^0.1.0 will match 0.1.2 but not 0.2.0. Rust's cargo package manager also behaves the same way.

This tool (via conventional-commits) also follows that convention - breaking changes below v1.0.0 are treated as a minor version bump. Here's an example series of commits with tagged versions:

1017b00 chore: initial commit
9e2ba95 (tag: v0.0.2) chore(release): 0.0.2
3598012 fix!: Example breaking change
1a4994a (tag: v0.1.0) chore(release): 0.1.0

Semver's only guarantee is "all bets are off", but npm has made a choice about what bets to make. commit-and-tag-version follows the same convention (along with other package managers for other ecosystems).

When you are ready to release v1.0.0, add --release-as 1.0.0 to the options.

License

ISC

Keywords

FAQs

Package last updated on 25 Aug 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc