Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gitex-flow
Advanced tools
A git flow extension that provides some additional automation and feature improvements. The aim of the project is to offer a complete process chain in order to organize the releases of your projects as easily as possible.
gitex-flow is a node.js framework extending git flow that provides an all-in-one approach to a release and deployment strategy and process. The framework offers automated tools that allow you to embed the release strategy in your development process.
In my experience as software developer, one of the most important parts of a software project is a precisely defined and largely automated release and deployment process.
Continous deployments are mostly an essential part of the project requirements, especially for agile projects. A deployment can be very error prune and time expensive. For this reason, it is worth investing in making the deployment process as simple as possible. Another common and important requirement is to notify the user of changes from one version to another. Transparency is important in increasing the acceptance of the software and allows to participate the user into the software project.
When a project gets bigger and more complicated or several developers work on it, a defined release process becomes more and more important. For this reason, it's advisable to think about the release process as early as possible in the project.
The following list defines some criterias of a release and deployment process:
For any listed criteria exist some suitable solutions and principles:
git-flow: A git deployment strategy.
semantic versioning (SemVer): A semantic version strategy.
conventional commits: A git commit message standard.
standard-version: A tool providing automated versioning and changelog generation designed for github flow.
Additionally there are some very helpful articles about this topic:
No. | Criteria | git-flow | SemVer | Conventional commits | standard-version |
---|---|---|---|---|---|
1 | Deployed versions can be recovered. | ✔ | |||
2 | Deployed versions can be fixed. | ✔ | |||
3 | Deployed versions do not influence each other. | ✔ | |||
4 | Current development should not influence deployed versions. | ✔ | |||
5 | Changes between versions should be captured as a changelog. | ✔ | |||
6 | All versions should have a standardized version numbers. | ✔ | ✔ | ||
7 | Integration of the release process in the IDE. | ✔ | ✔ |
The aim of this project is to offer a well-coordinated overall concept that integrates all of the listed principles and tools into the git flow workflow.
If you like to use gitex-flow in your node.js project you can use gitex-flow as a npm script.
#> npm install --save-dev gitex-flow
After installation add the following lines to the scripts
section in your package.json
of your project:
"scripts": {
...
"feature:start": "gitex-flow feature start",
"feature:finish": "gitex-flow feature finish",
"release:start": "gitex-flow release start",
"release:finish": "gitex-flow release finish",
"hotfix:start": "gitex-flow hotfix start",
"hotfix:finish": "gitex-flow hotfix finish",
"bugfix:start": "gitex-flow bugfix start",
"bugfix:finish": "gitex-flow bugfix finish",
"support:start": "gitex-flow support start",
"support:finish": "gitex-flow support finish"
...
}
gitex-flow has mostly the same commands and API as git flow. There are only some simplifying changens and functional extensions which are fully backward compatible.
Features are branches that are based on the develop branch, which add new functionality to the program. Feature branches can exist across many releases and can be updated regularly with the latest changes the develop branch.
#> npm run feature:start -- <name>
...
#> npm run feature:finish -- <name>
Bugfix branches are similar to feature branches, but are used for fixing bugs. This is useful for bugs which are not fixable as a hotfix (breaking change, low prio bug).
#> npm run bugfix:start -- <name>
...
#> npm run bugfix:finish -- <name>
Releases are branches that are based on the develop branch, which freezes the current code and mark a feature stop. The code from the release branch can be published to the consolidation (test) system. Only bugfixes are allowed to be commited on the release branch. If the release is stable, the release branch can be finished and merged into the master branch.
#> npm run release:start -- [name]
...
#> npm run release:finish -- [name]
package.json
is updatedCHANGELOG.md
is updated with the changes since the last releaseHotfixes are bug fixes based on a released version.
#> npm run hotfix:start -- [name]
...
#> npm run hotfix:finish -- [name]
package.json
is updatedCHANGELOG.md
is updated with the bugfixs are mode on the hotfix branchSupport branches are based on a released version to provide long time support of a program version.
#> npm run support:start -- <name> <base>
...
#> npm run support:finish -- <name> <base>
If you like to use gitex-flow in your code, you can use the typescript gitex-flow API.
gitex-flow is implemented as a wrapper of a arbitary git flow implementation.
import { AvhGitFlow, GFlow } from 'gitex-flow';
const gitFlow = new AvhGitFlow();
const gflow = new GFlow(gitFlow);
// ...
The full API documentation can be found here.
FAQs
A git flow extension that provides some additional automation and feature improvements. The aim of the project is to offer a complete process chain in order to organize the releases of your projects as easily as possible.
The npm package gitex-flow receives a total of 222 weekly downloads. As such, gitex-flow popularity was classified as not popular.
We found that gitex-flow demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.