![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
release-it
Advanced tools
Package description
release-it is a versatile command-line tool for automating versioning and package publishing. It simplifies the release process by handling version bumps, changelogs, Git tags, and publishing to npm and other platforms.
Version Bumping
Automatically bumps the version of your project. In this example, it bumps the minor version.
release-it minor
Changelog Generation
Generates a changelog based on the commits since the last release.
release-it --changelog
Git Tagging
Creates a new Git tag for the release.
release-it --git.tag
NPM Publishing
Publishes the package to the npm registry.
release-it --npm.publish
Custom Hooks
Allows you to define custom hooks to run at various points in the release process.
{ "hooks": { "before:init": "echo 'This is a custom hook'" } }
standard-version is a tool for versioning and changelog generation based on conventional commits. It focuses on standardizing the release process and is less customizable compared to release-it.
semantic-release automates the versioning and package publishing process based on the commit history. It is highly configurable and integrates with CI/CD pipelines, making it more suitable for complex workflows compared to release-it.
lerna is a tool for managing JavaScript projects with multiple packages. It can handle versioning and publishing for monorepos, offering more advanced features for multi-package repositories compared to release-it.
Readme
š Generic CLI tool to automate versioning and package publishing related tasks:
package.json
)Use release-it for version management and publish to anywhere with its versatile configuration, a powerful plugin system, and hooks to execute any command you need to test, build, and/or publish your project.
The latest major version is v15, supporting Node.js 14 and up (as Node.js v12 is EOL). Use release-it v14 for environments running Node.js v10 and v12. Also see CHANGELOG.md.
Although release-it is a generic release tool, most projects use it for projects with npm packages. The recommended way to install release-it uses npm and adds some minimal configuration to get started:
npm init release-it
Alternatively, install it manually, and add the release
script to package.json
:
npm install -D release-it
{
"name": "my-package",
"version": "1.0.0",
"scripts": {
"release": "release-it"
},
"devDependencies": {
"release-it": "*"
}
}
Now you can run npm run release
from the command line (put release-it arguments behind the --
):
npm run release
npm run release -- minor --ci
Use npx to run release-it directly from anywhere:
npx release-it
Or use npm to install and run release-it globally:
npm install -g release-it
brew install release-it
Release a new version:
release-it
You will be prompted to select the new version, and more prompts will follow based on your configuration.
Run release-it from the root of the project to prevent potential issues.
Use --dry-run
to show the interactivity and the commands it would execute.
ā See Dry Runs for more details.
To print the next version without releasing anything, add the --release-version
flag.
To print the changelog without releasing anything, add the --changelog
flag.
Out of the box, release-it has sane defaults, and plenty of options to configure it. Most
projects use a .release-it.json
in the project root, or a release-it
property in package.json
.
ā See Configuration for more details.
Here's a quick example .release-it.json
:
{
"git": {
"commitMessage": "chore: release v${version}"
},
"github": {
"release": true
}
}
By default, release-it is interactive and allows you to confirm each task before execution:
By using the --ci
option, the process is fully automated without prompts. The configured tasks will be executed as
demonstrated in the first animation above. On a Continuous Integration (CI) environment, this non-interactive mode is
activated automatically.
Use --only-version
to use a prompt only to determine the version, and automate the rest.
How does release-it determine the latest version?
package.json
, its version
will be used (see npm to skip this).0.0.0
will be used as the latest version.Alternatively, a plugin can be used to override this (e.g. to manage a VERSION
or composer.json
file):
Add the --release-version
flag to print the next version without releasing anything.
Git projects are supported well by release-it, automating the tasks to stage, commit, tag and push releases to any Git remote.
ā See Git for more details.
GitHub projects can have releases attached to Git tags, containing release notes and assets. There are two ways to add GitHub releases in your release-it flow:
GITHUB_TOKEN
)ā See GitHub Releases for more details.
GitLab projects can have releases attached to Git tags, containing release notes and assets. To automate GitLab releases:
gitlab.release: true
ā See GitLab Releases for more details.
By default, release-it generates a changelog, to show and help select a version for the new release. Additionally, this changelog serves as the release notes for the GitHub or GitLab release.
The default command is based on git log ...
. This setting (git.changelog
) can be
overridden. To further customize the release notes for the GitHub or GitLab release, there's github.releaseNotes
or
gitlab.releaseNotes
. Make sure any of these commands output the changelog to stdout
. Plugins are available for:
ā See Changelog for more details.
With a package.json
in the current directory, release-it will let npm
bump the version in package.json
(and
package-lock.json
if present), and publish to the npm registry.
ā See Publish to npm for more details.
With release-it, it's easy to create pre-releases: a version of your software that you want to make available, while
it's not in the stable semver range yet. Often "alpha", "beta", and "rc" (release candidate) are used as identifier for
pre-releases. An example pre-release version is 2.0.0-beta.0
.
ā See Manage pre-releases for more details.
Use --no-increment
to not increment the last version, but update the last existing tag/version.
This may be helpful in cases where the version was already incremented. Here's a few example scenarios:
release-it --no-increment --no-npm
to skip the npm publish
and try pushing the same Git tag again.Use script hooks to run shell commands at any moment during the release process (such as before:init
or
after:release
).
The format is [prefix]:[hook]
or [prefix]:[plugin]:[hook]
:
part | value |
---|---|
prefix | before or after |
plugin | version , git , npm , github , gitlab |
hook | init , bump , release |
Use the optional :plugin
part in the middle to hook into a life cycle method exactly before or after any plugin.
The core plugins include version
, git
, npm
, github
, gitlab
.
Note that hooks like after:git:release
will not run when either the git push
failed, or when it is configured not to
be executed (e.g. git.push: false
). See execution order for more details on
execution order of plugin lifecycle methods.
All commands can use configuration variables (like template strings). An array of commands can also be provided, they will run one after another. Some example release-it configuration:
{
"hooks": {
"before:init": ["npm run lint", "npm test"],
"after:my-plugin:bump": "./bin/my-script.sh",
"after:bump": "npm run build",
"after:git:release": "echo After git push, before github release",
"after:release": "echo Successfully released ${name} v${version} to ${repo.repository}."
}
}
The variables can be found in the default configuration. Additionally, the following variables are exposed:
version
latestVersion
changelog
name
repo.remote, repo.protocol, repo.host, repo.owner, repo.repository, repo.project
branchName
All variables are available in all hooks. The only exception is that the additional variables listed above are not yet
available in the init
hook.
Use --verbose
to log the output of the commands.
For the sake of verbosity, the full list of hooks is actually: init
, beforeBump
, bump
, beforeRelease
, release
or afterRelease
. However, hooks like before:beforeRelease
look weird and are usually not useful in practice.
Note that arguments need to be quoted properly when used from the command line:
release-it --'hooks.after:release="echo Successfully released ${name} v${version} to ${repo.repository}."'
Using Inquirer.js inside custom hook scripts might cause issues (since release-it also uses this itself).
Since v11, release-it can be extended in many, many ways. Here are some plugins:
Plugin | Description |
---|---|
@release-it/bumper | Read & write the version from/to any file |
@release-it/conventional-changelog | Provides recommended bump, conventional-changelog, and updates CHANGELOG.md |
@release-it/keep-a-changelog | Maintain CHANGELOG.md using the Keep a Changelog standards |
@release-it-plugins/lerna-changelog | Integrates lerna-changelog into the release-it pipeline |
@release-it-plugins/workspaces | Releases each of your projects configured workspaces |
release-it-calver-plugin | Enables Calendar Versioning (calver) with release-it |
@grupoboticario/news-fragments | An easy way to generate your changelog file |
@j-ulrich/release-it-regex-bumper | Regular expression based version read/write plugin for release-it |
Internally, release-it uses its own plugin architecture (for Git, GitHub, GitLab, npm).
ā See all release-it plugins on npm.
ā See plugins for documentation to write plugins.
Deprecated. Please see distribution repository for more details.
In release-it v15, anonymous metrics have been removed from the codebase and no data is sent or stored anywhere.
release-it --verbose
(or -V
), release-it prints the output of every user-defined hook.release-it -VV
, release-it also prints the output of every internal command.NODE_DEBUG=release-it:* release-it [...]
to print configuration and more error details.Use verbose: 2
in a configuration file to have the equivalent of -VV
on the command line.
While mostly used as a CLI tool, release-it can be used as a dependency to integrate in your own scripts. See use release-it programmatically for example code.
FAQs
Generic CLI tool to automate versioning and package publishing-related tasks.
The npm package release-it receives a total of 352,205 weekly downloads. As such, release-it popularity was classified as popular.
We found that release-it demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Ā It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.