Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
commit-stream
Advanced tools
Turn a git log
into a stream of commit objects
commitStream([defaultGithubUser, defaultGithubProject])
Returns an object stream that you can pipe a stream of newlines from the output of git log
to. The output of the stream is a series of objects, each representing a commit from the log.`
Intended to be used on a standard log format (not a simplified one using one of the simplifying --format
options) but it will also process change stats if you git log --stat
.
Typical usage:
import { spawn } from 'node:child_process'
import split2 from 'split2'
import listStream from 'list-stream'
spawn('bash', ['-c', 'git log'])
.stdout.pipe(split2()) // break up by newline characters
.pipe(commitStream('rvagg', 'commit-stream'))
.pipe(listStream.obj(onCommitList))
function onCommitList (err, list) {
// list is an array of objects
}
Commit object properties:
sha
: the full commit shaauthor
: an object representing the author of the commit
name
: the name of the committeremail
: the email of the committerauthors
: a list of such objects representing the authors of the commit, supporting multiple authors through Co-authored-by:
authorDate
: a string representing the date of the original commit by the author (never change)commitDate
: a string representing the date of the last change of the commitsummary
: the one-line summary of the commitdescription
: the free-form text content of the summary, minus specific metadata linesreviewers
: an array containing objects with name
and email
properties if the commit metadata contains reviewers in a Reviewed-By: Foo Bar <baz@boom>
format.changes
: if --stat
data is included in the git log, an object containing change stats:
files
: the number of files changedinsertions
: the number of new lines inserteddeletions
: the number of old lines removedprUrl
: a URL pointing to a pull-request where this change was made if the commit metadata contains a PR-URL: https://github.com/user/project/pull/XX
line. Note that whatever proceeds the PR-URL:
string will be collected in this property; one exception being that if a shortened #XX
version is found and you have supplied defaultGitHubUser
and defaultGitHubProject
arguments to the constructor then a full GitHub pull-request will be reconstituted in its place.ghUser
, ghProject
, ghIssue
: if a proper GitHub pull request is found for the prUrl
property (including shortened #XX
ones), these properties will be added to point to the original user, project and issue (pull-request) for this change, as extracted from the URL. Also, if a commit message line ends with (#XX)
as is done with green-button merges, this will be used.commit-stream is Copyright (c) 2015 Rod Vagg @rvagg and licenced under the MIT licence. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.
FAQs
Turn a `git log` into a stream of commit objects
The npm package commit-stream receives a total of 2,390 weekly downloads. As such, commit-stream popularity was classified as popular.
We found that commit-stream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.