git-conventional-commits
ℹ Have a look at Git Commit Conventions
Install: npm install --global git-conventional-commits
Create a config file: git-conventional-commits init
Adjust the config file git-conventional-commits.json to your needs
ℹ Add the help parameter -h to commands to list all possible options
init [options] creates a config file template `git-conventional-commits.json`
version [options] determine version from conventional commits
changelog [options] generate change log from conventional commits
commit-msg-hook [options] <commit-msg-file> check for conventional commit message format
Example git-conventional-commits.json
{
  "convention" : {
    "commitTypes": [
      "feat",
      "fix",
      "perf",
      "refactor",
      "style",
      "test",
      "build",
      "ops",
      "docs",
      "merge"
    ],
    "commitScopes": [],
    "releaseTagGlobPattern": "v[0-9]*.[0-9]*.[0-9]*",
    "issueRegexPattern": "(^|\\s)#\\d+(\\s|$)"
  },
  "changelog" : {
    "commitTypes": [
      "feat",
      "fix",
      "perf",
      "merge",
      "?"
    ],
    "commitScopes": [],
    "commitIgnoreRegexPattern": "^WIP ",
    "headlines": {
      "feat": "Features",
      "fix": "Bug Fixes",
      "perf": "Performance Improvements",
      "merge": "Merged Branches",
      "breakingChange": "BREAKING CHANGES"
    },
    "commitUrl": "https://github.com/ACCOUNT/REPOSITORY/commit/%commit%",
    "commitRangeUrl": "https://github.com/ACCOUNT/REPOSITORY/compare/%from%...%to%?diff=split",
    "issueUrl": "https://github.com/ACCOUNT/REPOSITORY/issues/%issue%"
  }
}
convention
  commitTypes: an array of expected commit types
    ["feat", "fix", "doc", "style"]
  commitScopes: an array of expected commit scopes
    ["ui", "database"]
  releaseTagGlobPattern: glob pattern to filter for release tags
    [0-9]+\.[0-9]+\.[0-9]+
    )*
  issueRegexPattern: regex pattern to find issue IDs
    [A-Z]{3,}-\\d+
changelog
  commitTypes: filter commits by type
    convention.commitTypes plus
      merge commits
      ? commits with unexpected message format
    ["feat", "fix", "merge" , "?"]
  commitScopes: filter commits by scopes
    convention.commitScopes
    ["ui"]
  commitIgnoreRegexPattern: filter commits by commit subject regex
    ^WIP
  headlines: a map of headline identifier and actual headline
    changelog.commitTypes plus
      breakingChange Breaking Changes Section
    { "feat": "Features", "fix": "Bug Fixes", "breakingChange": "BREAKING CHANGES"}
    { "feat": "Features", "fix": "Bug Fixes", "merge": "Merged Branches", "breakingChange": "BREAKING CHANGES"}
  commitUrl: a URL template for generating markdown links to repository commits
    %commit% commit hash placeholder
    https://github.com/qoomon/git-conventional-commits/commit/%commit%
  issueUrl: a URL template for generating markdown links to an issue tracker
    %issue% issue id placeholder
    https://jira.example.org/browse/%issue%
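As an added example (not the project's own code), the following JavaScript approximates how the config fields described above apply to a single commit message: type and scope checks, issue ID extraction, and change log filtering. The HEADER regex, the checkCommit helper and the rule that an empty list means no restriction are assumptions; CONFIG is a constructed subset of the example config.

```javascript
// Added example, not the tool's implementation.
// CONFIG is a constructed subset of the example git-conventional-commits.json.
const CONFIG = {
  convention: {
    commitTypes: ["feat", "fix", "perf", "refactor", "style", "test", "build", "ops", "docs", "merge"],
    commitScopes: [],
    issueRegexPattern: "(^|\\s)#\\d+(\\s|$)",
  },
  changelog: { commitTypes: ["feat", "fix", "perf", "merge", "?"], commitIgnoreRegexPattern: "^WIP " },
};

// Assumption: subject shape "type(scope)!: description" (Conventional Commits).
const HEADER = /^(?<type>[a-z]+)(\((?<scope>[^()\s]+)\))?(?<breaking>!)?: (?<description>\S.*)$/;

// Hypothetical helper: evaluates one commit message against the config.
function checkCommit(message, config = CONFIG) {
  const { convention, changelog } = config;
  const subject = message.split("\n", 1)[0];
  const match = HEADER.exec(subject);
  const warnings = [];
  if (!match) {
    warnings.push("unexpected message format");
  } else {
    const { type, scope } = match.groups;
    // Assumption: an empty list means "no restriction" for that field.
    if (convention.commitTypes.length && !convention.commitTypes.includes(type)) {
      warnings.push(`unexpected type '${type}'`);
    }
    if (scope && convention.commitScopes.length && !convention.commitScopes.includes(scope)) {
      warnings.push(`unexpected scope '${scope}'`);
    }
  }
  // issueRegexPattern also captures the surrounding whitespace, so trim each hit.
  const issueRegex = new RegExp(convention.issueRegexPattern, "g");
  const issues = [...message.matchAll(issueRegex)].map((m) => m[0].trim());
  // Subjects matching commitIgnoreRegexPattern stay out of the change log;
  // unparseable subjects fall into the "?" bucket of changelog.commitTypes.
  const ignored = new RegExp(changelog.commitIgnoreRegexPattern).test(subject);
  const bucket = match ? match.groups.type : "?";
  return {
    valid: warnings.length === 0,
    warnings,
    issues,
    breaking: Boolean(match && match.groups.breaking),
    inChangelog: !ignored && changelog.commitTypes.includes(bucket),
  };
}
```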
cd <repository-path>
mkdir .git-hooks
git config core.hooksPath .git-hooks
touch .git-hooks/commit-msg && chmod +x .git-hooks/commit-msg
Open .git-hooks/commit-msg with your favorite editor and paste the following script:
#!/bin/sh
# fix for windows systems
PATH="/c/Program Files/nodejs:$HOME/AppData/Roaming/npm/:$PATH"
git-conventional-commits commit-msg-hook "$1"
Add .git-hooks/commit-msg to the repository
git config core.hooksPath .git-hooks
git-conventional-commits
git-conventional-commits version
git commit -am'build(release): bump project version to <version>'
git-conventional-commits changelog --release <version> --file 'CHANGELOG.md'
git commit -am'doc(release): create <version> change log entry'
git tag -a -m'build(release): <version>' '<version-prefix><version>'
git push
npm install
npm test
npm login
npm publish
FAQs
git conventional commits util
The npm package git-conventional-commits receives a total of 1,159 weekly downloads. As such, git-conventional-commits popularity was classified as popular.
We found that git-conventional-commits demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.