Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
conventional-changelog
Advanced tools
The conventional-changelog npm package automates the generation of changelogs based on commit messages that follow the Conventional Commits specification. This tool is widely used to maintain a clear, readable history of project changes which can be easily communicated to other developers and users.
Generate changelog
This code demonstrates how to generate a changelog using the Angular preset. The changelog will be written to a file named 'CHANGELOG.md'.
const conventionalChangelog = require('conventional-changelog');
const fs = require('fs');
const changelogStream = conventionalChangelog({ preset: 'angular' });
changelogStream.pipe(fs.createWriteStream('CHANGELOG.md'));
Create a release
This code snippet shows how to automatically determine the semantic version bump based on commit messages. It uses the Angular preset to recommend a bump and then uses npm to update the project version accordingly.
const conventionalRecommendedBump = require('conventional-recommended-bump');
const exec = require('child_process').exec;
conventionalRecommendedBump({ preset: 'angular' }, (error, recommendation) => {
exec(`npm version ${recommendation.releaseType}`, (error, stdout, stderr) => {
console.log('Version bumped to', stdout);
});
});
standard-version is a utility for versioning using semver and CHANGELOG generation powered by Conventional Commits. It automates versioning and changelog generation but with a simpler setup compared to conventional-changelog, integrating these steps into a single command.
semantic-release automates the whole package release workflow including determining the next version number, generating the release notes, and publishing the package. This tool provides a more comprehensive solution compared to conventional-changelog by handling the entire release process in a CI/CD environment.
Lerna is a tool for managing JavaScript projects with multiple packages, known as monorepos. While it includes functionality for generating changelogs similar to conventional-changelog, its primary focus is on managing dependencies and publishing multiple packages from the same repository.
Generate a changelog from git metadata
You most likely only need to use this module if you're building a library that provides an abstraction on top of conventional commits, See Getting started if you're an end-user.
$ npm install --save conventional-changelog
import conventionalChangelog from 'conventional-changelog';
conventionalChangelog({
preset: 'angular'
})
.pipe(process.stdout); // or any writable stream
Or if you want to use your own custom preset:
import conventionalChangelog from 'conventional-changelog';
import config from '@org/conventional-changelog-custom-preset';
conventionalChangelog({config})
.pipe(process.stdout); // or any writable stream
Returns a readable stream.
See the conventional-changelog-core docs. The API is the same with the following changes or additions:
Type: string
Possible values: 'angular', 'atom', 'codemirror', 'conventionalcommits', 'ember', 'eslint', 'express', 'jquery', 'jshint'
It's recommended to use a preset so you don't have to define everything yourself. Presets are names of built-in config
.
A scoped preset package such as @scope/conventional-changelog-custom-preset
can be used by passing @scope/custom-preset
to this option.
NOTE: options.config
will be overwritten by the values of preset. You should use either preset
or config
, but not both.
MIT
FAQs
Generate a changelog from git metadata.
We found that conventional-changelog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.