Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
conventional-changelog-core
Advanced tools
The conventional-changelog-core npm package is a tool designed to generate changelogs for projects based on semantic versioning and commit message conventions. It automates the creation of changelogs by parsing commit messages, identifying the type of changes, and formatting them into a structured changelog file.
Generate changelog from git metadata
This code demonstrates how to generate a changelog using the Angular preset. It streams the changelog content and writes it to a 'CHANGELOG.md' file.
const conventionalChangelog = require('conventional-changelog-core');
const fs = require('fs');
const changelogStream = conventionalChangelog({preset: 'angular'});
changelogStream.pipe(fs.createWriteStream('CHANGELOG.md'));
Customizable preset and configuration
This example shows how to use a custom configuration for generating a changelog. The configuration can define how commit messages are parsed, what types of commits to include, and how the changelog is formatted.
const conventionalChangelog = require('conventional-changelog-core');
const config = require('./custom-config');
const changelogStream = conventionalChangelog({config: config});
changelogStream.pipe(process.stdout);
standard-version is an automatic versioning and changelog generation package that follows the Conventional Commits specification. It wraps around the conventional-changelog-core and provides additional features like version bumping and tagging, making it more comprehensive for release management compared to conventional-changelog-core which focuses primarily on changelog generation.
lerna-changelog is tailored for managing monorepos and integrates well with Lerna projects. It generates changelogs based on pull requests and their labels, offering a different approach compared to conventional-changelog-core which relies on commit messages. This makes lerna-changelog particularly useful in collaborative projects that utilize GitHub's PR features extensively.
You are probably looking for the cli module. Or use one of the plugins if you are already using the tool: grunt/gulp/atom.
$ npm install --save conventional-changelog-core
var conventionalChangelogCore = require('conventional-changelog-core');
conventionalChangelogCore()
.pipe(process.stdout); // or any writable stream
Returns a readable stream.
Note: options.transform
, options.pkg.transform
and writerOpts.transform
are different. If you have a better naming suggestion, please send a PR.
Type: promise
, function
or object
This should serve as default values for other arguments of conventionalChangelogCore
so you don't need to rewrite the same or similar config across your projects. Any value in this could be overwritten.
If this is a promise (recommended if async), it should resolve with the config.
If this is a function, it expects a node style callback with the config object.
If this is an object, it is the config object. The config object should include context
, gitRawCommitsOpts
, parserOpts
and writerOpts
.
Type: object
Type: string
Default: closest package.json.
The location of your "package.json".
Type: function
Default: pass through.
A function that takes package.json
data as the argument and returns the modified data. Note this is performed before normalizing package.json data. Useful when you need to add a leading 'v' to your version or modify your repository url, etc.
Type: boolean
Default: false
Should the log be appended to existing data.
Type: number
Default: 1
How many releases of changelog you want to generate. It counts from the upcoming release. Useful when you forgot to generate any previous changelog. Set to 0
to regenerate all.
Type: function
Default: function() {}
A debug function. EG: console.debug.bind(console)
Type: function
Default: options.debug
A warn function. EG: grunt.verbose.writeln
Type: function
Default: get the version (without leading 'v') from tag and format date.
A transform function that applies after the parser and before the writer.
This is the place to modify the parsed commits.
####### commit
The commit from conventional-commits-parser.
####### cb
Callback when you are done.
####### this
this
arg of through2.
Type: boolean
Default: true
if a different version than last release is given. Otherwise false
.
If this value is true
and context.version
equals last release then context.version
will be changed to 'Unreleased'
.
NOTE: You may want to combine this option with releaseCount
set to 0
to always overwrite the whole CHANGELOG. conventional-changelog
only outputs a CHANGELOG but doesn't read any existing one.
Specify a package in lerna-style monorepo that the CHANGELOG should be generated for.
Lerna tags releases in the format foo-package@1.0.0
and assumes that packages
are stored in the directory structure ./packages/foo-package
.
Specify a prefix for the git tag that will be taken into account during the comparison.
For instance if your version tag is prefixed by version/
instead of v
you would specify --tagPrefix=version/
See the conventional-changelog-writer docs. There are some defaults or changes:
Default: normalized host found in package.json
.
Default: version found in package.json
.
Default: extracted from normalized package.json
repository.url
field.
Default: extracted from normalized package.json
repository.url
field.
Default: The whole normalized repository url in package.json
.
Type: array
All git semver tags found in the repository. You can't overwrite this value.
Type: string
Default: previous semver tag or the first commit hash if no previous tag.
Type: string
Default: current semver tag or 'v'
+ version if no current tag.
Type: object
Your package.json
data. You can't overwrite this value.
Type: boolean
Default: true
if previousTag
and currentTag
are truthy.
Should link to the page that compares current tag with previous tag?
See the git-raw-commits docs. There are some defaults:
Default: '%B%n-hash-%n%H%n-gitTags-%n%d%n-committerDate-%n%ci'
Default: based on options.releaseCount
.
Default: true
if options.append
is truthy.
Type: function
Default: options.debug
See the conventional-commits-parser docs.
Default: options.warn
See the conventional-changelog-writer docs. There are some defaults:
Finalize context is used for generating above context.
NOTE: If you overwrite this value the above context defaults will be gone.
Type: function
Default: options.debug
Default: options.append
Default: options.outputUnreleased
This module has options append
and releaseCount
. However, it doesn't read your previous changelog. Reasons being:
So, when you build a parent module, you need to read the old logs and append or prepend to them based on options.append
. However, if options.releaseCount
is 0
you need to ignore any previous logs. Please see conventional-github-releaser as an example.
Arguments passed to conventionalChangelogCore
will be mutated.
MIT
FAQs
Core package of conventional-changelog.
The npm package conventional-changelog-core receives a total of 2,674,047 weekly downloads. As such, conventional-changelog-core popularity was classified as popular.
We found that conventional-changelog-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.