Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
Sorry we don't scan binary artifacts yet
- Maintainers
- 1
| CI/CD |     |
| Package |    |
| Meta |       |
semvergit
semvergit is a CLI tool to manage your project's version numbers. It uses Semantic Versioning to bump the version number. The supported bump types are:
majorminorpatchprerelease
Internal Workflow
What's actully happening when you run this tool
- Use the latest git tag to determine the current version number.
- Bump the version number
- Create a new git tag
- Push the tag to the remote
Why?
I created this tool to help me manage my project's version numbers. I wanted a simple tool that I could use in my CI/CD pipeline to bump the version number and tag the commit.
Features
❇️ Bump the version number and update the git tag in one command
❇️ Dry run mode
❇️ Verbose mode
❇️ Custom commit message*
❇️ Auto commit message*
🆕 Version 0.4+ introduces the ability to automatically update the version number in a file*
*Please see the limitations section below
How to use
Simple install using
pip install semvergit
Then you can use it in your project as simply as:
semvergit -t patch -v
(to bump the patch version)
This will:
- create the relvant tag (in this case a patch bump 0.0.x -> 0.0.x+1)
- push it to the remote
Please checkout semvergit --help for more info.
Usage: semvergit [OPTIONS] COMMAND [ARGS]...
CLI for semvergit.
Options:
--version Show the version and exit.
-d, --dry_run Dry run
-v, --verbose Verbose level [0<=x<=2]
-t, --bump_type TEXT Bump Type ['major', 'minor', 'patch', 'prerelease']
-m, --message TEXT Commit message
-am, --auto_message Auto commit message
-f, --version_file FILE Version file
--help Show this message and exit.
Limitations
Please keep in mind that when using features like commit message / auto commit message and version file the tool will try and commit the changes to the git repo.
Even though this is quite handy, it should be used mannually as it cannot be used directly in a CI/CD pipeline directed at master or main branches as it will likly fail due to the commit not being allowed without a PR.
💡 Only git tags can be pushed to the remote without a PR (and this is the main use case for this tool).
Development
Please see CONTRIBUTING.md
License
This project is published under the MIT license.
If you do find it useful, please consider contributing your changes back upstream.
Keywords
FAQs
Manage your project's version numbers.
We found that semvergit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024