validate-commit-msg
This provides you a binary that you can use as a githook to validate the commit message. I recommend husky. You'll want to make this part of the commit-msg githook, e.g. when using husky, add "commitmsg": "validate-commit-msg" to your npm scripts in package.json.
Validates that your commit message follows this format:
<type>(<scope>): <subject>
Or without optional scope:
<type>: <subject>
This module is distributed via npm which is bundled with node and should be installed as one of your project's devDependencies:

    npm install --save-dev validate-commit-msg
You can specify options in .vcmrc. It must be a valid JSON file.
The default configuration object is:
{
  "types": ["feat", "fix", "docs", "style", "refactor", "perf", "test", "build", "ci", "chore", "revert"],
  "scope": {
    "required": false,
    "allowed": ["*"],
    "validate": false,
    "multiple": false
  },
  "warnOnFail": false,
  "maxSubjectLength": 100,
  "subjectPattern": ".+",
  "subjectPatternErrorMsg": "subject does not match subject pattern!",
  "helpMessage": "",
  "autoFix": false
}
Alternatively, options can be specified in package.json:
{
  "config": {
    "validate-commit-msg": {
      /* your config here */
    }
  }
}
.vcmrc has precedence; if it does not exist, then package.json will be used.
types
These are the types that are allowed for your commit message. If omitted, the value is what is shown above.
You can also specify "types": "*" to indicate that you don't wish to validate types.
Or you can specify the name of a module that exports types according to the conventional-commit-types spec, e.g. "types": "conventional-commit-types".

scope
This object defines scope requirements for the commit message. Possible properties are:
  required: A boolean to define whether a scope is required for all commit messages.
  allowed: An array of scopes that are allowed for your commit message. You may also define it as "*", which is the default, to allow any scope names.
  validate: A boolean to define whether or not to validate the scope(s) provided.
  multiple: A boolean to define whether or not to allow multiple scopes.

warnOnFail
If this is set to true, errors will be logged to the console; however, the commit will still pass.

maxSubjectLength
This will control the maximum length of the subject.

subjectPattern
Optional, accepts a RegExp to match the commit message subject against.

subjectPatternErrorMsg
If subjectPattern is provided, this message will be displayed if the commit message subject does not match the pattern.

helpMessage
If provided, the helpMessage string is displayed when a commit message is not valid. This allows projects to provide a better developer experience for new contributors.
The helpMessage also supports interpolating a single %s with the original commit message.

autoFix
If this is set to true, type will be auto fixed to all lowercase, subject first letter will be lowercased, and the commit will pass (assuming there's nothing else wrong with it).
From Node, you can use it as follows:

    var validateMessage = require('validate-commit-msg');
    var valid = validateMessage('chore(index): an example commit message');
    // valid = true
You can use your CI to validate your last commit message:
validate-commit-msg "$(git log -1 --pretty=%B)"
Note this will only validate the last commit message, not all messages in a pull request.
If your lerna repo looks something like this:

my-lerna-repo/
  package.json
  packages/
    package-1/
      package.json
    package-2/
      package.json

The scope of your commit message should be one (or more) of the packages, e.g.:
{
  "config": {
    "validate-commit-msg": {
      "scope": {
        "required": true,
        "allowed": ["package-1", "package-2"],
        "validate": true,
        "multiple": true
      }
    }
  }
}
If the commit message begins with WIP then none of the validation will happen.
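The CI note above (only the last message is checked) and the WIP rule both leave commits unvalidated. The following added example, which is not code from the validate-commit-msg project, audits every message in a commit range and reports WIP-prefixed commits separately. The names splitGitLog, auditCommits, gatePasses and standInValidate are hypothetical, and standInValidate is a simplified stand-in for the package's exported function so the block runs offline.

```javascript
// Added example: audit every commit message in a range, not only the last one.
// Input comes from (the range is an assumption; use your own base branch):
//   git log --format=%B%x00 origin/main..HEAD

// Split NUL-separated `git log` output into trimmed, non-empty messages.
function splitGitLog(raw) {
  return raw.split('\0').map((m) => m.trim()).filter((m) => m.length > 0);
}

// Classify each message. `validate` is the function exported by
// validate-commit-msg (message -> boolean), injected so this runs offline.
function auditCommits(raw, validate) {
  return splitGitLog(raw).map((message) => {
    const subject = message.split('\n')[0];
    // The README says messages beginning with WIP skip all validation,
    // so report them separately instead of counting them as valid.
    if (/^WIP/.test(message)) return { subject, status: 'skipped-wip' };
    return { subject, status: validate(message) ? 'ok' : 'invalid' };
  });
}

// A CI gate should fail on anything that is not 'ok'.
function gatePasses(results) {
  return results.every((r) => r.status === 'ok');
}

// Hypothetical stand-in for the real validator (demo only, not the package's
// logic): accepts WIP messages and "<type>(<scope>): <subject>" with default types.
const DEFAULT_TYPES = ['feat', 'fix', 'docs', 'style', 'refactor', 'perf',
  'test', 'build', 'ci', 'chore', 'revert'];
function standInValidate(message) {
  if (message.startsWith('WIP')) return true;
  const m = /^(\w+)(?:\(([^)]+)\))?: (.+)$/.exec(message.split('\n')[0]);
  return m !== null && DEFAULT_TYPES.includes(m[1]) && m[3].length <= 100;
}

// Constructed sample: three commits as `git log --format=%B%x00` would emit them.
const SAMPLE_LOG = [
  'feat(parser): add scope validation\n\nLonger body text.\n',
  'WIP quick hack before the demo\n',
  'Fixed the bug\n',
].join('\0') + '\0';

const results = auditCommits(SAMPLE_LOG, standInValidate);
for (const r of results) console.log(r.status.padEnd(12), r.subject);
console.log('gate passes:', gatePasses(results));
```

In CI, pass require('validate-commit-msg') as the validate argument in place of the stand-in.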
This was originally developed by contributors to the angular.js project. I pulled it out so I could re-use this same kind of thing in other projects.
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
Script to validate a commit message follows the conventional changelog standard
We found that validate-commit-msg demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.