Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gulp-conventional-release
Advanced tools
A gulp plugin for managing semver releases using conventional changelog
A gulp plugin for managing semver releases using conventional changelog
We have very precise rules over how our git commit messages can be formatted for maintenance of the changelog and semvar versioning. This leads to more readable messages that are easy to follow when looking through the project history. But also, we use the git commit messages to generate the change log.
gulp
or gulp test
to run unit tests.gulp bump
to update the version in package.json, add a git tag and generate the updated CHANGELOG.md (see https://github.com/ajoslin/conventional-changelog)..conventionalChangelog
package.json
and CHANGELOG.md
filesThe reason why you should commit and tag after conventionalChangelog
is that the CHANGELOG should be included in the new release, hence gitRawCommitsOpts.from
defaults to the latest semver tag.
This process is automated with gulp, including determining the type of version to bump (major, minor or patch). To use Gulp, follow these steps:
gulp release
(this will stage and commit the changes, bump the version in package.json, run conventional-changelog to update the changelog, tag the version, and push the changes0.Each commit message consists of a header, a body and a footer. The header has a special format that includes a type, a scope and a subject:
<type>(<scope>): <subject>
<BLANK LINE>
<body>
<BLANK LINE>
<footer>
The header is mandatory and the scope of the header is optional.
Any line of the commit message cannot be longer 100 characters! This allows the message to be easier to read on GitHub as well as in various git tools.
If the commit reverts a previous commit, it should begin with revert:
, followed by the header of the reverted commit. In the body it should say: This reverts commit <hash>.
, where the hash is the SHA of the commit being reverted.
Must be one of the following:
The scope could be anything specifying place of the commit change. For example $location
,
$browser
, $compile
, $rootScope
, ngHref
, ngClick
, ngView
, etc...
The subject contains succinct description of the change:
Just as in the subject, use the imperative, present tense: "change" not "changed" nor "changes". The body should include the motivation for the change and contrast this with previous behavior.
The footer should contain any information about Breaking Changes and is also the place to reference github issues that this commit Closes.
Breaking Changes should start with the word BREAKING CHANGE:
with a space or two newlines. The rest of the commit message is then used for this.
Appears under "Features" header, pencil subheader:
feat(pencil): add 'graphiteWidth' option
Appears under "Bug Fixes" header, graphite subheader, with a link to issue #GSNP-28:
fix(graphite): stop graphite breaking when width < 0.1
Closes #123
Appears under "Performance Improvements" header, and under "Breaking Changes" with the breaking change explanation:
perf(pencil): remove graphiteWidth option
BREAKING CHANGE: The graphiteWidth option has been removed. The default graphite width of 10mm is always used for performance reason.
The following commit and commit 667ecc1
do not appear in the changelog if they are under the same release. If not, the revert commit appears under the "Reverts" header.
revert: feat(pencil): add 'graphiteWidth' option
This reverts commit 667ecc1654a317a13331b17617d973392f415f02.
A detailed explanation can be found in this [document][https://docs.google.com/document/d/1QrDFcIiPjSLDn3EL15IJygNPiHORgU1_OOAqWjiDU5Y/edit#].
FAQs
A gulp plugin for managing semver releases using conventional changelog
The npm package gulp-conventional-release receives a total of 0 weekly downloads. As such, gulp-conventional-release popularity was classified as not popular.
We found that gulp-conventional-release demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.