Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVEs awaiting analysis have increased by 33% since June.
conventional-changelog
The conventional-changelog npm package automates the generation of changelogs based on commit messages that follow the Conventional Commits specification. This tool is widely used to maintain a clear, readable history of project changes which can be easily communicated to other developers and users.
Generate changelog
This code demonstrates how to generate a changelog using the Angular preset. The changelog will be written to a file named 'CHANGELOG.md'.
const conventionalChangelog = require('conventional-changelog');
const fs = require('fs');

// conventionalChangelog() returns a readable stream of changelog text
const changelogStream = conventionalChangelog({ preset: 'angular' });
changelogStream.pipe(fs.createWriteStream('CHANGELOG.md'));
Create a release
This code snippet shows how to automatically determine the semantic version bump based on commit messages. It uses the Angular preset to recommend a bump and then uses npm to update the project version accordingly.
const conventionalRecommendedBump = require('conventional-recommended-bump');
const exec = require('child_process').exec;

conventionalRecommendedBump({ preset: 'angular' }, (error, recommendation) => {
  // Stop here if the commit history could not be analyzed
  if (error) throw error;
  // releaseType is interpolated into a shell command line
  exec(`npm version ${recommendation.releaseType}`, (error, stdout, stderr) => {
    if (error) throw error;
    console.log('Version bumped to', stdout);
  });
});
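The bump rule used by the release snippet above, as an added example that is not code from the conventional-changelog project: a simplified model of how Angular-style commit headers map to a release type, with an allowlist check before the value is handed to `npm version`. The helpers `recommendBump` and `npmVersionArgs` are hypothetical, the commit messages are constructed, and accepting the `!` breaking marker is an assumption taken from the Conventional Commits specification.

```javascript
// Added example: simplified model of the Angular-style bump rule, plus an
// allowlist check on the release type before it is used in a command.
const ALLOWED_BUMPS = new Set(['major', 'minor', 'patch']);

// Angular-style header: type(scope): subject. The "!" breaking marker comes
// from the Conventional Commits spec and is accepted here as an assumption.
const HEADER = /^(\w+)(?:\(([^)]*)\))?(!)?: (.+)$/;

// Hypothetical helper: recommend a release type from raw commit messages.
function recommendBump(messages) {
  let level = 2; // 0 = major, 1 = minor, 2 = patch
  for (const message of messages) {
    const [header, ...body] = message.split('\n');
    const match = HEADER.exec(header.trim());
    if (!match) continue; // non-conforming commits do not influence the bump
    const breaking = match[3] === '!' ||
      body.some((line) => /^BREAKING CHANGE: /.test(line));
    if (breaking) level = 0;
    else if (match[1] === 'feat') level = Math.min(level, 1);
  }
  return ['major', 'minor', 'patch'][level];
}

// Hypothetical helper: build the argument vector for `npm version`,
// rejecting anything that is not a plain release type.
function npmVersionArgs(releaseType) {
  if (!ALLOWED_BUMPS.has(releaseType)) {
    throw new Error(`unexpected release type: ${JSON.stringify(releaseType)}`);
  }
  return ['version', releaseType];
}

// Constructed sample history (not from a real repository).
const sampleCommits = [
  'fix(parser): handle empty scope',
  'feat(cli): add --dry-run flag',
  'docs: update README',
];

// The resulting array can be passed to child_process.execFile or spawn,
// so that no shell parses the value.
const args = npmVersionArgs(recommendBump(sampleCommits));
console.log('would run: npm', args.join(' '));
```
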
standard-version is a utility for versioning using semver and CHANGELOG generation powered by Conventional Commits. It automates versioning and changelog generation but with a simpler setup compared to conventional-changelog, integrating these steps into a single command.
semantic-release automates the whole package release workflow including determining the next version number, generating the release notes, and publishing the package. This tool provides a more comprehensive solution compared to conventional-changelog by handling the entire release process in a CI/CD environment.
Lerna is a tool for managing JavaScript projects with multiple packages, known as monorepos. While it includes functionality for generating changelogs similar to conventional-changelog, its primary focus is on managing dependencies and publishing multiple packages from the same repository.
$ npm install conventional-changelog
Generate a changelog from git metadata, using the AngularJS commit conventions.
Adapted from code originally written by @vojtajina and @btford in grunt-conventional-changelog.
Simple usage:
require('conventional-changelog')({
  repository: 'https://github.com/joyent/node',
  version: require('./package.json').version
}, function(err, log) {
  console.log('Here is your changelog!', log);
});
changelog(options, callback)
By default, calls the callback with a string containing a changelog from the previous tag to HEAD, using pkg.version, prepended to existing CHANGELOG.md (if it exists).
callback is the second parameter, and takes two parameters: (err, log). log is a string containing the newly generated changelog, and err is either an error or null.
options is the first parameter, an object. The following fields are available:
version {string} - The version to be written to the changelog. For example, {version: "1.0.1"}. Defaults to the version found in package.json. See pkg to configure the path of package.json.
subtitle {string} - A string to display after the version title in the changelog. For example, it will show '## 1.0.0 "Super Version"' if codename '"Super Version"' is given. By default, it's blank.
repository {string} - If this is provided, allows issues and commit hashes to be linked to the actual commit. Usually used with github repositories. For example, {repository: 'http://github.com/joyent/node'}. Defaults to "normalized" repository.url found in package.json. See pkg to configure the path of package.json.
pkg {string} - The path of package.json. Defaults to ./package.json.
from {string} - Which commit the changelog should start at. By default, uses previous tag, or if no previous tag the first commit.
to {string} - Which commit the changelog should end at. By default, uses HEAD.
file {string} - Which file to read the current changelog from and prepend the new changelog's contents to. By default, uses 'CHANGELOG.md'.
versionText {function(version, subtitle)} - What to use for the title of a major version in the changelog. Defaults to '## ' + version + ' ' + subtitle.
patchVersionText {function(version, subtitle)} - What to use for the title of a patch version in the changelog. Defaults to '### ' + version + ' ' + subtitle.
commitLink {function(commitHash)} - If repository is provided, this function will be used to link to commits. By default, returns a github commit link based on options.repository: opts.repository + '/commit/' + hash.
issueLink {function(issueId)} - If repository is provided, this function will be used to link to issues. By default, returns a github issue link based on options.repository: opts.repository + '/issues/' + id.
log {function()} - What logging function to use. For example, {log: grunt.log.ok}. By default, uses console.log.
warn {function()} - What warn function to use. For example, {warn: grunt.log.writeln}. By default, uses console.warn.
BSD
FAQs
Generate a changelog from git metadata.
We found that conventional-changelog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.