Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
conventional-changelog
Advanced tools
The conventional-changelog npm package automates the generation of changelogs based on commit messages that follow the Conventional Commits specification. This tool is widely used to maintain a clear, readable history of project changes which can be easily communicated to other developers and users.
Generate changelog
This code demonstrates how to generate a changelog using the Angular preset. The changelog will be written to a file named 'CHANGELOG.md'.
const conventionalChangelog = require('conventional-changelog');
const fs = require('fs');
const changelogStream = conventionalChangelog({ preset: 'angular' });
changelogStream.pipe(fs.createWriteStream('CHANGELOG.md'));
Create a release
This code snippet shows how to automatically determine the semantic version bump based on commit messages. It uses the Angular preset to recommend a bump and then uses npm to update the project version accordingly.
const conventionalRecommendedBump = require('conventional-recommended-bump');
const exec = require('child_process').exec;
conventionalRecommendedBump({ preset: 'angular' }, (error, recommendation) => {
exec(`npm version ${recommendation.releaseType}`, (error, stdout, stderr) => {
console.log('Version bumped to', stdout);
});
});
standard-version is a utility for versioning using semver and CHANGELOG generation powered by Conventional Commits. It automates versioning and changelog generation but with a simpler setup compared to conventional-changelog, integrating these steps into a single command.
semantic-release automates the whole package release workflow including determining the next version number, generating the release notes, and publishing the package. This tool provides a more comprehensive solution compared to conventional-changelog by handling the entire release process in a CI/CD environment.
Lerna is a tool for managing JavaScript projects with multiple packages, known as monorepos. While it includes functionality for generating changelogs similar to conventional-changelog, its primary focus is on managing dependencies and publishing multiple packages from the same repository.
Generate a changelog from git metadata
You most likely only need to use this module if you're building a library that provides an abstraction on top of conventional commits, See Getting started if you're an end-user.
$ npm install --save conventional-changelog
var conventionalChangelog = require('conventional-changelog');
conventionalChangelog({
preset: 'angular'
})
.pipe(process.stdout); // or any writable stream
Or if you want to use your own custom preset:
var conventionalChangelog = require('conventional-changelog');
var config = require('@org/conventional-changelog-custom-preset');
conventionalChangelog({config})
.pipe(process.stdout); // or any writable stream
Returns a readable stream.
See the conventional-changelog-core docs. The API is the same with the following changes or additions:
Type: string
Possible values: 'angular', 'atom', 'codemirror', 'conventionalcommits', 'ember', 'eslint', 'express', 'jquery', 'jshint'
It's recommended to use a preset so you don't have to define everything yourself. Presets are names of built-in config
.
A scoped preset package such as @scope/conventional-changelog-custom-preset
can be used by passing @scope/custom-preset
to this option.
NOTE: options.config
will be overwritten by the values of preset. You should use either preset
or config
, but not both.
MIT
FAQs
Generate a changelog from git metadata.
We found that conventional-changelog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.