Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
git-commit-lint
Advanced tools
git-commit-lint
自定义团队或个人的一个 git-commit 约束
使用
全局安装
npm install -g git-commit-lint@latest
全局安装后, 将在全局添加命令:
- my-cm : 可以用来代替你的
git commit - my-cm-int : 在项目中一键初始化使用 git-commit-lint
项目中初始化
初始化后, 请执行
npm install安装依赖即可。
my-cm-int
定制个人的规则
第一步
- fork 本仓库
自定义规则
rules/cz-config.js
module.exports = {
types: [
{ value: 'feat', name: 'feat: 一个新的特性' },
{ value: 'fix', name: 'fix: 修复一个Bug' },
{ value: 'docs', name: 'docs: 变更的只有文档' },
{ value: 'style', name: 'style: 空格, 分号等格式修复' },
{
value: 'refactor',
name: 'refactor: 代码重构,注意和特性、修复区分开'
},
{ value: 'perf', name: 'perf: 提升性能' },
{ value: 'test', name: 'test: 添加一个测试' },
{ value: 'revert', name: 'revert: 代码回退' },
{ value: 'chore', name: 'chore: 开发工具变动(构建、脚手架工具等)' },
{ value: 'release', name: 'release: 发布项目' }
],
scopes: [],
messages: {
type: '选择一种你的提交类型:',
scope: '选择一个scope:',
customScope: '本次更改范围 scope(可选):',
subject: '短说明:',
body: '长说明,使用"|"换行(可选):\n',
breaking: '非兼容性说明 (可选):\n',
footer: '关联的BUG,例如:【一个Bug】http://xxx.com/bug (可选):\n',
confirmCommit: '确定提交说明?'
},
allowCustomScopes: true,
allowBreakingChanges: ['feat', 'fix'],
subjectLimit: 100
};
rules/lint-config.js
const czConfig = require('./cz-config');
module.exports = {
extends: ['@commitlint/config-conventional'],
// rules: https://github.com/conventional-changelog/commitlint/blob/master/docs/reference-rules.md
rules: {
'type-enum': [2, 'always', czConfig.types.map(({ value }) => value)],
'type-empty': [2, 'never'], // 提交不符合规范时,不提交
'subject-empty': [2, 'never'], // 提交不符合规范时,不能提交
'subject-full-stop': [0, 'never'], // 句号结尾.
'subject-max-length': [1, 'never', 100], // 超过最大长度 100 war提示
'subject-case': [0, 'never'], // 命名格式
'scope-empty': [1, 'never'] // scope 为空时wan提示,可以提交
}
};
编辑全局命令
编辑: package.json
"bin": {
- "my-cm": "./src/index.js",
- "my-cm-init": "./src/init.js"
+ "test-cm": "./src/index.js",
+ "test-cm-init": "./src/init.js"
},
编辑: src/init.js
scripts: {
- "cm": `my-cm`
+ "cm": `test-cm`
},
发布你的包并享受
Keywords
FAQs
自定义cz-customizable
The npm package git-commit-lint receives a total of 1 weekly downloads. As such, git-commit-lint popularity was classified as not popular.
We found that git-commit-lint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 06 Dec 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding - Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding - Dec 11, 2025