Release is a command line tool that automatically generates a new GitHub Release and populates it with the changes (commits) made since the last release.
Firstly, install the package from npm:

```
npm install -g release
```

Alternatively, you can use Yarn to install it:

```
yarn global add release
```

Once that's done, you can run this command inside your project's directory:

```
release <type>
```

A `<type>` argument can be passed. If you leave it out, a GitHub Release will be created from the most recent commit and tag.
According to the SemVer spec, the argument can have one of these values:

- `major`: Incompatible API changes were introduced
- `minor`: Functionality was added in a backwards-compatible manner
- `patch`: Backwards-compatible bug fixes were applied

In addition to those values, we also support creating pre-releases like `3.0.0-canary.1`:

```
release pre
```

You can also apply a custom suffix in place of "canary" like this:

```
release pre <suffix>
```

Assuming that you provide "beta" as the `<suffix>`, your release will then be `3.0.0-beta.1`, and so on...
The following command will show you a list of all available options:

```
release help
```
If you want to automate `release` even further, specify the change type of your commits by adding it to the title or description within parentheses:

```
Error logging works now (patch)
```

Assuming that you've defined it for a certain commit, `release` won't ask you to set a type for it manually. This will make the process of creating a release even faster.

To pre-define that a commit should be excluded from the list, you can use this keyword:

```
This is a commit message (ignore)
```
Sometimes you might want to filter the information that gets inserted into new releases by adding an intro text, replacing certain data or just changing the order of the changes.
With a custom hook, the examples above (and many more) are very easy to accomplish:
By default, release will look for a file named `release.js` in the root directory of your project. This file should export a function with two parameters and always return a `String` (the final release):

```js
module.exports = async (markdown, metaData) => {
  // Use the available data to create a custom release
  return markdown;
};
```

In the example above, `markdown` contains the release as a `String` (if you just want to replace something). In addition, `metaData` contains these properties:
| Property Name | Content |
|---|---|
| `changeTypes` | The types of changes and their descriptions |
| `commits` | A list of commits since the latest release |
| `groupedCommits` | Similar to `commits`, but grouped by the change types |
| `authors` | The GitHub usernames of the release collaborators |
Hint: You can specify a custom location for the hook file using the `--hook` or `-H` flag, which takes in a path relative to the current working directory.
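An added example, not code from the release project: a `release.js` hook that applies the "replacing certain data" case to strip credential-like strings from commit-derived text before it is published, and prepends an intro. It assumes `metaData.authors` is an iterable of usernames, and the token patterns are an illustrative, non-exhaustive list.

```javascript
// release.js -- added example hook, not part of the release project.
// The patterns match publicly documented credential prefixes; the list is
// illustrative, not exhaustive.
const SECRET_PATTERNS = [
  /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g, // GitHub tokens (ghp_, gho_, ghu_, ghs_, ghr_)
  /\bnpm_[A-Za-z0-9]{36}\b/g,        // npm access tokens
  /\bAKIA[0-9A-Z]{16}\b/g,           // AWS access key IDs
];

// Replace every match with a marker and report how many were removed.
function redactSecrets(markdown) {
  let count = 0;
  let text = markdown;
  for (const pattern of SECRET_PATTERNS) {
    text = text.replace(pattern, () => {
      count += 1;
      return '[REDACTED]';
    });
  }
  return { text, count };
}

const hook = async (markdown, metaData) => {
  const { text, count } = redactSecrets(markdown);
  if (count > 0) {
    // Surface the finding to whoever is cutting the release.
    console.warn(`release hook: redacted ${count} credential-like string(s)`);
  }
  // Assumption: metaData.authors is an iterable of GitHub usernames.
  const authors = [...(metaData.authors || [])].map(name => `@${name}`);
  const intro = authors.length
    ? `Thanks to ${authors.join(', ')} for contributing to this release.\n\n`
    : '';
  return intro + text;
};

// Export the hook the way release expects to load it.
if (typeof module !== 'undefined') module.exports = hook;
```

Redacting the release text does not remove the string from the commit history, so a credential flagged by the warning still has to be revoked and rotated.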
As we at Vercel moved all of our GitHub repositories from keeping a `HISTORY.md` file to using GitHub Releases, we needed a way to automatically generate these releases from our own devices, rather than always having to open a page in the browser and manually add the notes for each change.
You can find the authentication flow here.
```
npm uninstall -g release
npm link
```

`release` on the command line!

As always, you can use `npm test` to run the tests and see if your changes have broken anything.
Thanks a lot to Daniel Chatfield for donating the "release" name on npm and my lovely team for telling me about their needs and how I can make this package as efficient as possible.
Leo Lamprecht (@notquiteleo)
FAQs
Generate changelogs with a single command
The npm package release receives a total of 2,599 weekly downloads. As such, release popularity was classified as popular.
We found that release demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 123 open source maintainers collaborating on the project.