Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
conventional-changelog
Advanced tools
The conventional-changelog npm package automates the generation of changelogs based on commit messages that follow the Conventional Commits specification. This tool is widely used to maintain a clear, readable history of project changes which can be easily communicated to other developers and users.
Generate changelog
This code demonstrates how to generate a changelog using the Angular preset. The changelog will be written to a file named 'CHANGELOG.md'.
const conventionalChangelog = require('conventional-changelog');
const fs = require('fs');
const changelogStream = conventionalChangelog({ preset: 'angular' });
changelogStream.pipe(fs.createWriteStream('CHANGELOG.md'));
Create a release
This code snippet shows how to automatically determine the semantic version bump based on commit messages. It uses the Angular preset to recommend a bump and then uses npm to update the project version accordingly.
const conventionalRecommendedBump = require('conventional-recommended-bump');
const exec = require('child_process').exec;
conventionalRecommendedBump({ preset: 'angular' }, (error, recommendation) => {
exec(`npm version ${recommendation.releaseType}`, (error, stdout, stderr) => {
console.log('Version bumped to', stdout);
});
});
standard-version is a utility for versioning using semver and CHANGELOG generation powered by Conventional Commits. It automates versioning and changelog generation but with a simpler setup compared to conventional-changelog, integrating these steps into a single command.
semantic-release automates the whole package release workflow including determining the next version number, generating the release notes, and publishing the package. This tool provides a more comprehensive solution compared to conventional-changelog by handling the entire release process in a CI/CD environment.
Lerna is a tool for managing JavaScript projects with multiple packages, known as monorepos. While it includes functionality for generating changelogs similar to conventional-changelog, its primary focus is on managing dependencies and publishing multiple packages from the same repository.
Generate a changelog from git metadata
You most likely only need to use this module if you're building a library that provides an abstraction on top of conventional commits, See Getting started if you're an end-user.
$ npm install --save conventional-changelog
import conventionalChangelog from 'conventional-changelog';
conventionalChangelog({
preset: 'angular'
})
.pipe(process.stdout); // or any writable stream
Or if you want to use your own custom preset:
import conventionalChangelog from 'conventional-changelog';
import config from '@org/conventional-changelog-custom-preset';
conventionalChangelog({config})
.pipe(process.stdout); // or any writable stream
Returns a readable stream.
See the conventional-changelog-core docs. The API is the same with the following changes or additions:
Type: string
Possible values: 'angular', 'atom', 'codemirror', 'conventionalcommits', 'ember', 'eslint', 'express', 'jquery', 'jshint'
It's recommended to use a preset so you don't have to define everything yourself. Presets are names of built-in config
.
A scoped preset package such as @scope/conventional-changelog-custom-preset
can be used by passing @scope/custom-preset
to this option.
NOTE: options.config
will be overwritten by the values of preset. You should use either preset
or config
, but not both.
MIT
FAQs
Generate a changelog from git metadata.
The npm package conventional-changelog receives a total of 1,402,472 weekly downloads. As such, conventional-changelog popularity was classified as popular.
We found that conventional-changelog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.