Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
commitizen
Advanced tools
Commitizen is a tool that helps you write consistent and conventional commit messages. It provides a command-line interface (CLI) to guide you through the process of creating commit messages that follow a specified convention, such as the Angular commit message guidelines.
Interactive Commit Prompts
Commitizen provides an interactive CLI that prompts you to fill out the different parts of a commit message, ensuring that your commits follow a specified convention. Running `npx cz` will start the interactive prompt.
npx cz
Custom Adapters
Commitizen supports custom adapters that define different commit message conventions. For example, you can initialize the `cz-conventional-changelog` adapter to follow the Angular commit message guidelines.
npx commitizen init cz-conventional-changelog --save-dev --save-exact
Configuration
Commitizen allows you to configure the adapter in your project's `package.json` file. This configuration tells Commitizen which adapter to use for generating commit messages.
{
"config": {
"commitizen": {
"path": "./node_modules/cz-conventional-changelog"
}
}
}
Commitlint checks if your commit messages meet the conventional commit format. It can be used in conjunction with Commitizen to enforce commit message conventions. While Commitizen helps you write commit messages, Commitlint ensures that they adhere to the specified guidelines.
Standard Version is a tool for versioning and changelog generation based on conventional commit messages. It automates the process of version bumping and changelog generation, which complements Commitizen's functionality of creating consistent commit messages.
Semantic Release automates the versioning and package publishing process based on the commit messages. It uses the same conventional commit guidelines that Commitizen helps enforce, making it a good companion tool for automating releases.
When you commit with Commitizen, you'll be prompted to fill out any required commit fields at commit time. No more waiting until later for a git commit hook to run and reject your commit (though that can still be helpful). No more digging through CONTRIBUTING.md to find what the preferred format is. Get instant feedback on your commit message formatting and be prompted for required fields.
Commitizen is currently tested against Node.js 12, 14, & 16, although it may work in older versions of Node.js. You should also have npm 6 or greater.
Installation is as simple as running the following command (if you see EACCES
error, reading fixing npm permissions may help):
npm install -g commitizen
Simply use git cz
or just cz
instead of git commit
when committing. You can also use git-cz
, which is an alias for cz
.
Alternatively, if you are using npm 5.2+ you can use npx
instead of installing globally:
npx cz
or as an npm script:
...
"scripts": {
"commit": "cz"
}
When you're working in a Commitizen-friendly repository, you'll be prompted to fill in any required fields, and your commit messages will be formatted according to the standards defined by project maintainers.
If you're not working in a Commitizen-friendly repository, then git cz
will work just the same as git commit
, but npx cz
will use the streamich/git-cz adapter. To fix this, you need to first make your repo Commitizen friendly
For this example, we'll be setting up our repo to use AngularJS's commit message convention, also known as conventional-changelog.
First, install the Commitizen CLI tools:
npm install commitizen -g
Next, initialize your project to use the cz-conventional-changelog adapter by typing:
# npm
commitizen init cz-conventional-changelog --save-dev --save-exact
# yarn
commitizen init cz-conventional-changelog --yarn --dev --exact
# pnpm
commitizen init cz-conventional-changelog --pnpm --save-dev --save-exact
Note that if you want to force install over the top of an old adapter, you can apply the --force
argument. For more information on this, just run commitizen help
.
The above command does three things for you:
package.json
's dependencies
or devDependencies
config.commitizen
key to the root of your package.json
file as shown here:...
"config": {
"commitizen": {
"path": "cz-conventional-changelog"
}
}
Alternatively, Commitizen configs may be added to a .czrc
file:
{
"path": "cz-conventional-changelog"
}
This just tells Commitizen which adapter we actually want our contributors to use when they try to commit to this repo.
commitizen.path
is resolved via require.resolve and supports:
process.cwd()
containing an index.js
fileprocess.cwd()
with .js
extensionPlease note that in the previous version of Commitizen we used czConfig. czConfig has been deprecated, and you should migrate to the new format before Commitizen 3.0.0.
Installing and running Commitizen locally allows you to make sure that developers are running the exact same version of Commitizen on every machine.
Install Commitizen with npm install --save-dev commitizen
.
On npm 5.2+ you can use npx
to initialize the conventional changelog adapter:
npx commitizen init cz-conventional-changelog --save-dev --save-exact
For previous versions of npm (< 5.2) you can execute ./node_modules/.bin/commitizen
or ./node_modules/.bin/cz
in order to actually use the commands.
You can then initialize the conventional changelog adapter using: ./node_modules/.bin/commitizen init cz-conventional-changelog --save-dev --save-exact
And you can then add some nice npm scripts in your package.json
file pointing to the local version of Commitizen:
...
"scripts": {
"commit": "cz"
}
This will be more convenient for your users because then if they want to do a commit, all they need to do is run npm run commit
and they will get the prompts needed to start a commit!
NOTE: If you are using
precommit
hooks thanks to something likehusky
, you will need to name your script something other than"commit"
(e.g."cm": "cz"
). The reason is because npm scripts has a "feature" where it automatically runs scripts with the name prexxx where xxx is the name of another script. In essence, npm and husky will run"precommit"
scripts twice if you name the script"commit"
, and the workaround is to prevent the npm-triggered precommit script.
git commit
This example shows how to incorporate Commitizen into the existing git commit
workflow by using git hooks and the --hook
command-line option. This is useful for project maintainers
who wish to ensure the proper commit format is enforced on contributions from those unfamiliar with Commitizen.
Once either of these methods is implemented, users running git commit
will be presented with an interactive Commitizen session that helps them write useful commit messages.
NOTE: This example assumes that the project has been set up to use Commitizen locally.
Update .git/hooks/prepare-commit-msg
with the following code:
#!/bin/bash
exec < /dev/tty && node_modules/.bin/cz --hook || true
For husky
users, add the following configuration to the project's package.json
file:
"husky": {
"hooks": {
"prepare-commit-msg": "exec < /dev/tty && npx cz --hook || true"
}
}
Why
exec < /dev/tty
? By default, git hooks are not interactive. This command allows the user to use their terminal to interact with Commitizen during the hook.
Add the "Commitizen friendly" badge to your README using the following markdown:
[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/)
Your badge will look like this:
It may also make sense to change your README.md
or CONTRIBUTING.md
files to include or link to the Commitizen project so that your new contributors may learn more about installing and using Commitizen.
Install commitizen
globally, if you have not already.
npm install -g commitizen
Install your preferred commitizen
adapter globally (for example cz-conventional-changelog
).
npm install -g cz-conventional-changelog
Create a .czrc
file in your home
directory, with path
referring to the preferred, globally-installed, commitizen
adapter
echo '{ "path": "cz-conventional-changelog" }' > ~/.czrc
You are all set! Now cd
into any git
repository and use git cz
instead of git commit
, and you will find the commitizen
prompt.
Pro tip: You can use all the git commit
options
with git cz
. For example: git cz -a
.
If your repository is a Node.js project, making it Commitizen friendly is super easy.
If your repository is already Commitizen friendly, the local commitizen
adapter will be used, instead of globally installed one.
As a project maintainer of many projects, you may want to standardize on a single commit message format for all of them. You can create your own node module which acts as a front-end for Commitizen.
// my-cli.js
#!/usr/bin/env node
"use strict";
const path = require('path');
const bootstrap = require('commitizen/dist/cli/git-cz').bootstrap;
bootstrap({
cliPath: path.join(__dirname, '../../node_modules/commitizen'),
// this is new
config: {
"path": "cz-conventional-changelog"
}
});
package.json
file// package.json
{
"name": "company-commit",
"bin": "./my-cli.js",
"dependencies": {
"commitizen": "^2.7.6",
"cz-conventional-changelog": "^1.1.5"
}
}
npm install --save-dev company-commit
./node_modules/.bin/company-commit
We know that every project and build process has different requirements, so we've tried to keep Commitizen open for extension. You can do this by choosing from any of the pre-built adapters or even by building your own. Here are some of the great adapters available to you:
To create an adapter, just fork one of these great adapters and modify it to suit your needs. We pass you an instance of Inquirer.js, but you can capture input using whatever means necessary. Just call the commit
callback with a string and we'll be happy. Publish it to npm, and you'll be all set!
As of version 2.7.1, you may attempt to retry the last commit using the git cz --retry
command. This can be helpful when you have tests set up to run via a git precommit hook. In this scenario, you may have attempted a Commitizen commit, painstakingly filled out all of the commitizen fields, but your tests fail. In previous Commitizen versions, after fixing your tests, you would be forced to fill out all of the fields again. Enter the retry command. Commitizen will retry the last commit that you attempted in this repo without you needing to fill out the fields again.
Please note that the retry cache may be cleared when upgrading Commitizen versions, upgrading adapters, or if you delete the commitizen.json
file in your home or temp directory. Additionally, the commit cache uses the filesystem path of the repo, so if you move a repo or change its path, you will not be able to retry a commit. This is an edge case but might be confusing if you have scenarios where you are moving folders that contain repos.
It is important to note that if you are running cz
from an npm script (let's say it is called commit
) you will need to do one of the following:
-- --retry
as an argument for your script. i.e: npm run commit -- --retry
cz
executable directly. i.e: npx cz --retry
Note that the last two options do not require you to pass --
before the args but the first does.
As a project maintainer, making your repo Commitizen friendly allows you to select pre-existing commit message conventions or to create your own custom commit message convention. When a contributor to your repo uses Commitizen, they will be prompted for the correct fields at commit time.
Commitizen is great on its own, but it shines when you use it with some other amazing open source tools. Kent C. Dodds shows you how to accomplish this in his Egghead.io series, How to Write an Open Source JavaScript Library. Many of the concepts can be applied to non-JavaScript projects as well.
Commitizen is an open source project that helps contributors be good open source citizens. It accomplishes this by prompting them to follow commit message conventions at commit time. It also empowers project maintainers to create or use predefined commit message conventions in their repos to better communicate their expectations to potential contributors.
Both! Commitizen is not meant to be a replacement for git commit hooks. Rather, it is meant to work side-by-side with them to ensure a consistent and positive experience for your contributors. Commitizen treats the commit command as a declarative action. The contributor is declaring that they wish to contribute to your project. It is up to you as the maintainer to define what rules they should be following.
We accomplish this by letting you define which adapter you'd like to use in your project. Adapters just allow multiple projects to share the same commit message conventions. A good example of an adapter is the cz-conventional-changelog adapter.
@JimTheDev (Jim Cummins, author) @kentcdodds @accraze @kytwb @Den-dp
Special thanks to @stevelacy, whose gulp-git project makes commitizen possible.
This project exists thanks to all the people who contribute. [Contribute].
Thank you to all our backers! 🙏 [Become a backer]
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
FAQs
Git commit, but play nice with conventions.
The npm package commitizen receives a total of 748,634 weekly downloads. As such, commitizen popularity was classified as popular.
We found that commitizen demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.