Manage automatic releases in a multi repo environment (comparable to lerna and lerna-semantic-release)
A prerequisite for using the automatic release according to semver standards is to stick to commits in the style of conventional changelog. The easiest way to do this is using commitizen to replace the git commit command.
Based on commits formatted like this
fix(my-package): description of contents
BREAKING CHANGE: description of breaking stuff
Taking these commit messages, the tool automatically
For this the following rules apply:
feat triggers a minor release
fix, refactor, perf, revert trigger a patch release
BREAKING somewhere in the message (subject or body) converts this to a major release

As you would expect, you can simply install the package like
npm install -D rlsr
and after that add it to your package.json
{
  ...
  "scripts": {
    "prerelease": "rlsr pre",
    "release": "rlsr perform"
  }
  ...
}
Finally, you can use it for a dry run (without any persistence) with npm run prepublish (or rlsr pre) and check what it has created.
For the full power you can persist these changes with git commits and tags as well as the npm publish using npm run release (or rlsr pre && rlsr perform).
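To check which release level a set of commits will trigger for each package before anything is published, the commit rules above can be applied to a history directly. The following is an added example, not rlsr's own code: the function names and sample commits are made up for illustration, and it assumes BREAKING only upgrades a commit that already triggers a release.

```javascript
// Added example (not rlsr's code): release level per package from commit messages.
const PATCH_TYPES = new Set(['fix', 'refactor', 'perf', 'revert']);
const RANK = { none: 0, patch: 1, minor: 2, major: 3 };

// Split "type(scope): subject" out of the first line; null if it does not match.
function parseCommit(message) {
  const m = /^(\w+)\(([^)]+)\):\s*(.+)$/.exec(message.split('\n')[0]);
  return m ? { type: m[1], scope: m[2], message } : null;
}

// Level a single commit asks for, following the rules listed on this page.
function levelOf(commit) {
  let level = 'none';
  if (commit.type === 'feat') level = 'minor';
  else if (PATCH_TYPES.has(commit.type)) level = 'patch';
  // Assumption: uppercase BREAKING (subject or body) only upgrades a commit
  // that already triggers a release; it does not create one for other types.
  if (level !== 'none' && commit.message.includes('BREAKING')) level = 'major';
  return level;
}

// Highest level requested for each package scope; unparsable messages are skipped.
function plannedBumps(messages) {
  const bumps = {};
  for (const message of messages) {
    const commit = parseCommit(message);
    if (!commit) continue;
    const level = levelOf(commit);
    if (RANK[level] > RANK[bumps[commit.scope] || 'none']) bumps[commit.scope] = level;
  }
  return bumps;
}

// Apply a level to a plain MAJOR.MINOR.PATCH version string.
function bump(version, level) {
  const [major, minor, patch] = version.split('.').map(Number);
  if (level === 'major') return `${major + 1}.0.0`;
  if (level === 'minor') return `${major}.${minor + 1}.0`;
  if (level === 'patch') return `${major}.${minor}.${patch + 1}`;
  return version;
}

// Constructed sample history; package names are placeholders.
const sampleCommits = [
  'fix(my-package): description of contents\n\nBREAKING CHANGE: description of breaking stuff',
  'feat(my-dependency): add option',
  'perf(my-dependency): faster lookup',
  'docs(my-package): fix typo',
  'Merge branch main',
];
console.log(plannedBumps(sampleCommits));
```

Comparing this output with what the dry run reports is a quick way to spot a commit that would publish a larger release than intended.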
rlsr understands two paradigms for handling dependencies from one monorepo package to another.
5.0.0
.3.2.1 - 5
RLSR has some config values that you can set inside your package.json in a rlsr section.
verbose (boolean): true creates a lot more output for debugging purposes.
packagePath (string): tells the system where the multi repo packages live (defaults to ./packages)
exactRelations (boolean): use the exact paradigm for related versions (defaults to false)

RLSR is able to fill in the latest version of a package to dependants. A dependant package just needs to use rlsr-latest instead of a concrete version in its dependencies.
{
  "name": "my-package",
  "dependencies": {
    "my-dependency": "rlsr-latest"
  }
}
There are currently two criteria:
feat, fix, refactor, perf, revert)
BREAKING in uppercase

The easiest way to achieve this is by using commitizen and entering something under the BREAKING CHANGE topic.

A message of type feat(package-name) triggers a minor release.
A message of type fix, refactor, perf or revert triggers a minor release.
What does previouslyUnreleased in the package.json mean?
The two processes (pre and perform) are independent of each other, but they use the main package.json as a small data exchange layer. pre leaves previouslyUnreleased as information for perform. It tells the second process which components need to be published. perform finally removes this again. But you may stumble upon this package.json entry at times.
FAQs
create npm releases and changelogs from a multi repo
The npm package rlsr receives a total of 21 weekly downloads. As such, rlsr popularity was classified as not popular.
We found that rlsr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.