
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
semantic-release-github-pr
Advanced tools
A `semantic-release` plugin that creates a changelog comment on Github PRs.
Preview the semantic release notes that would result from merging a Github PR.
Instead of publishing a new release, this semantic-release
plugin will post a comment to any open Github PRs with a preview of the generated release notes.
npm install -D semantic-release-github-pr
This plugin is a complement to semantic-release
. It is assumed the user is already fully familiar with that package and its workflow.
Github authentication must be configured for semantic-relase
.
The easiest way to use the plugin is through the CLI. If more flexibility is needed, the plugin can also be set through the semantic-release
config in package.json
.
Post a comment to any open Github PRs with a matching base branch and git head (previous comments generated by this plugin will be removed).
npx semantic-release-github-pr
The semantic-release-github-pr
command is provided as a convenience. Internally, it simply wraps the semantic-release
command, applying the necessary publish
plugin (see config below). Otherwise, it works just the same and accepts the same options .
package.json
configIf more flexibility is needed, this package provides a publish
plugin.
Default configuration (as encapsulated in the semantic-release-github-pr
command):
{
"release": {
"publish": "semantic-release-github-pr",
"verifyConditions": "@semantic-release/github"
}
}
This plugin is best used with a CI build process to fully automate the posting of comments in Github PRs. Ideally, it should run whenever a relevant PR is opened.
By default, Travis will trigger a build whenever a PR is opened (pr) or updated (push) in the corresponding Github repo.
after_success:
- "npx semantic-release-github-pr"
Unfortunately, CircleCI only supports building on push, not when a PR is created. This limits the usefulness of the plugin somewhat, as a build will have to be triggered manually after a PR is opened.
test:
post:
- "npx semantic-release-github-pr"
FAQs
A `semantic-release` plugin that creates a changelog comment on Github PRs.
The npm package semantic-release-github-pr receives a total of 238 weekly downloads. As such, semantic-release-github-pr popularity was classified as not popular.
We found that semantic-release-github-pr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.