npmpackage.info

Gathering detailed insights and metrics for @anolilab/semantic-release-preset

@anolilab/semantic-release-preset - 11.0.2 | npmpackage.info

@anolilab/semantic-release-preset

A multi semantic release tool for monorepos.

11.0.2

MIT

TypeScript

64.06 kB

6.6

Installations

npm install @anolilab/semantic-release-preset

Developer Guide

BETA

Typescript

No

Module System

CommonJS, ESM

Min. Node Version

>=20.8.1

Node Version

20.19.2

NPM Version

10.9.3 Pull Requests

Open

6

Total

167

Closed

69

Merged

92

Issues

Open

1

Total

8

Closed

7

Releases

@anolilab/multi-semantic-release@2.0.2

Updated on Jul 02, 2025

@anolilab/semantic-release-preset@11.0.2

Updated on Jul 02, 2025

@anolilab/semantic-release-clean-package-json@3.0.2

Updated on Jul 02, 2025

@anolilab/semantic-release-pnpm@2.0.2

Updated on Jul 02, 2025

@anolilab/rc@2.0.2

Updated on Jul 02, 2025

@anolilab/multi-semantic-release@2.0.1

Updated on Jul 02, 2025

View All 82 releases

Languages

TypeScript

JavaScript

Handlebars

Shell

TypeScript (49.27%)

JavaScript (48.6%)

Handlebars (1.38%)

Shell (0.75%)

Developer

anolilab

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

43 Stars

578 Commits

3 Watchers

11 Branches

2 Contributors

Updated on Jul 13, 2025

Sponsor this package

https://github.com/sponsors/prisis https://anolilab.com/support

Maintainers

View All 2 Contributors

Package Meta Information

Latest Version

11.0.2

Package Id

@anolilab/semantic-release-preset@11.0.2

Unpacked Size

64.06 kB

Size

12.59 kB

File Count

NPM Version

10.9.3

Node Version

20.19.2

Published on

Jul 02, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@anolilab/semantic-release-clean-package-json @semantic-release/changelog @semantic-release/commit-analyzer @semantic-release/exec @semantic-release/git @semantic-release/github @semantic-release/release-notes-generator conventional-changelog-conventionalcommits

Peer Dependencies

@anolilab/semantic-release-pnpm @semantic-release/npm semantic-release semantic-release-yarn

Shareable semantic-release configuration

A shareable semantic-release configuration, for enforcing consistent GitHub/NPM releases in your projects.

^{Daniel Bannert's open source work is supported by the community on GitHub Sponsors}

Purpose

This configuration also includes a semantic-release configuration, which enables automated GitHub/NPM releases based on your commit messages.

Install

1npm install --dev-save semantic-release @anolilab/semantic-release-preset

1yarn add -D semantic-release @anolilab/semantic-release-preset

1pnpm add -D semantic-release @anolilab/semantic-release-preset

Plugins

We use the following plugins within the Semantic Release ecosystem:

@semantic-release/changelog
@semantic-release/commit-analyzer
@semantic-release/exec
@semantic-release/git
@semantic-release/github
@semantic-release/npm (optional)
@semantic-release/release-notes-generator
@anolilab/semantic-release-pnpm (optional)
semantic-release-yarn (optional)

Summary

This shareable configuration performs the following actions:

Analyze commits (@semantic-release/commit-analyzer)
Generate changelog content (@semantic-release/release-notes-generator)
Create or update a changelog file generated by step 2 (@semantic-release/changelog)
Update the package version to the next release version
Commit release assets to the project’s git repository with the commit message chore(release): ${nextRelease.version} [skip ci] ${nextRelease.notes}.
Publish a npm release with (@semantic-release/npm or @anolilab/semantic-release-pnpm or semantic-release-yarn) (optional)
Publish a GitHub release and comment on released Pull Requests/Issues (@semantic-release/github)

Usage

When installing this package for the first time, the following shareable configuration .releaserc.json is automatically added to your project folder:

Note: If the script detects an existing .releaserc.json file, it will not overwrite it.

Note: It can happen that the postinstall script don't run, then you have to add the .releaserc.json manually.

Npm release with @semantic-release/npm:

1{
2    "extends": "@anolilab/semantic-release-preset/npm"
3}

Npm release with @anolilab/semantic-release-pnpm:

1{
2    "extends": "@anolilab/semantic-release-preset/pnpm"
3}

Npm release with semantic-release-yarn:

1{
2    "extends": "@anolilab/semantic-release-preset/yarn"
3}

Without npm release:

1{
2    "extends": "@anolilab/semantic-release-preset"
3}

File content of the extended preset

1{
2    branches: [
3        "+([0-9])?(.{+([0-9]),x}).x",
4        "main",
5        "next",
6        "next-major",
7        {
8            name: "beta",
9            prerelease: true,
10        },
11        {
12            name: "alpha",
13            prerelease: true,
14        },
15    ],
16    plugins: [
17        [
18            "@semantic-release/commit-analyzer",
19            {
20                preset: "conventionalcommits",
21            },
22        ],
23        [
24            "@semantic-release/release-notes-generator",
25            {
26                preset: "conventionalcommits",
27            },
28        ],
29        "@semantic-release/changelog",
30        "@semantic-release/npm", // optional
31        [
32            "@semantic-release/git",
33            {
34                message: "chore(release): ${nextRelease.gitTag} [skip ci]\\n\\n${nextRelease.notes}",
35            },
36        ],
37        [
38            "@semantic-release/github",
39            {
40                successComment: false,
41                failComment: false,
42            },
43        ],
44    ],
45}

deprecation

You want to deprecate old versions of your package?

Option one is the semantic-release-npm-deprecate-old-versions

Install

1npm install --dev-save semantic-release-npm-deprecate-old-versions

1pnpm add -D semantic-release-npm-deprecate-old-versions

1yarn add -D semantic-release-npm-deprecate-old-versions

No problem, just add the following to your .releaserc.json:

1{
2    "extends": "@anolilab/semantic-release-preset/npm",
3    "plugins": [
4        [
5            "semantic-release-npm-deprecate-old-versions",
6            {
7                "rules": [
8                    {
9                        "rule": "supportLatest",
10                        "options": {
11                            "numberOfMajorReleases": 1,
12                            "numberOfMinorReleases": 1,
13                            "numberOfPatchReleases": 1
14                        }
15                    },
16                    {
17                        "rule": "supportPreReleaseIfNotReleased",
18                        "options": {
19                            "numberOfPreReleases": 1
20                        }
21                    },
22                    "deprecateAll"
23                ]
24            }
25        ]
26    ]
27}

Find out how to configure the plugin here.

Option one is the semantic-release-npm-deprecate

Install

1npm install --dev-save semantic-release-npm-deprecate-old-versions

1pnpm add -D semantic-release-npm-deprecate-old-versions

1yarn add -D semantic-release-npm-deprecate-old-versions

No problem, just add the following to your .releaserc.json:

1{
2    "extends": "@anolilab/semantic-release-preset/npm",
3    "plugins": [
4        [
5            "semantic-release-npm-deprecate",
6            {
7                "deprecations": [
8                    {
9                        "version": "< ${nextRelease.version.split('.')[0]}",
10                        "message": "Please use ^${nextRelease.version.split('.')[0]}.0.0."
11                    }
12                ]
13            }
14        ]
15    ]
16}

Find out how to configure the plugin here.

Environment Variables Configuration

Ensure that your CI configuration has the following environment variables set:

GITHUB_TOKEN: A GitHub personal access token
- When a new release is published, this plugin will try to commit and push into the released branch. Ensure that the user that is running the release has push rights and can bypass branch protection rules.
NPM_TOKEN: A npm personal access token
- A NPM token so the package can be published to NPM (a .npmrc file with extra configuration can also be used)

You can test your config with a dry run:

1npx semantic-release --dry-run

GitHub workflows

If you're configuring a GitHub workflow you might want to do a test build matrix first and then publish only if those tests succeed across all environments. The following will do just that, immediately after something is merged into main.

Here’s an example workflow configuration that runs your tests and publishes a new version for new commits on main branch:

Single semantic-release example with yarn, (you can do the same with pnpm or npm)

1# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
2
3name: "Semantic Release"
4
5on: # yamllint disable-line rule:truthy
6    push:
7        branches:
8            - "([0-9])?(.{+([0-9]),x}).x"
9            - "main"
10            - "next"
11            - "next-major"
12            - "alpha"
13            - "beta"
14
15jobs:
16    test:
17        name: "Semantic Release"
18
19        runs-on: "ubuntu-latest"
20
21        steps:
22            - uses: "actions/checkout@v2"
23              with:
24                  fetch-depth: 0
25                  persist-credentials: false
26              env:
27                  GIT_COMMITTER_NAME: "GitHub Actions Shell"
28                  GIT_AUTHOR_NAME: "GitHub Actions Shell"
29                  EMAIL: "github-actions[bot]@users.noreply.github.com"
30
31            - name: "Use Node.js 12.x"
32              uses: "actions/setup-node@v2"
33              with:
34                  node-version: "12.x"
35
36            - name: "Get yarn cache directory path"
37              id: "yarn-cache-dir-path"
38              run: 'echo "::set-output name=dir::$(yarn config get cacheFolder)"'
39
40            - uses: "actions/cache@v2"
41              id: "yarn-cache" # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
42              with:
43                  path: "${{ steps.yarn-cache-dir-path.outputs.dir }}"
44                  key: "${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}"
45                  restore-keys: |
46                      ${{ runner.os }}-yarn-
47
48            - name: "install"
49              run: "yarn install --immutable"
50
51            - name: "Build packages"
52              run: "yarn build"
53
54            - name: "test"
55              run: "yarn run test"
56
57    semantic-release:
58        name: "Semantic Release"
59
60        runs-on: "ubuntu-latest"
61
62        needs: ["test"]
63
64        steps:
65            - uses: "actions/checkout@v2"
66              with:
67                  fetch-depth: 0
68                  persist-credentials: false
69              env:
70                  GIT_COMMITTER_NAME: "GitHub Actions Shell"
71                  GIT_AUTHOR_NAME: "GitHub Actions Shell"
72                  EMAIL: "github-actions[bot]@users.noreply.github.com"
73
74            - name: "Use Node.js 12.x"
75              uses: "actions/setup-node@v2"
76              with:
77                  node-version: "12.x"
78
79            - name: "Get yarn cache directory path"
80              id: "yarn-cache-dir-path"
81              run: 'echo "::set-output name=dir::$(yarn config get cacheFolder)"'
82
83            - uses: "actions/cache@v2"
84              id: "yarn-cache" # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
85              with:
86                  path: "${{ steps.yarn-cache-dir-path.outputs.dir }}"
87                  key: "${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}"
88                  restore-keys: |
89                      ${{ runner.os }}-yarn-
90
91            - name: "install"
92              run: "yarn install --immutable"
93
94            - name: "Build packages"
95              if: "success()"
96              run: "yarn build"
97
98            - name: "Semantic Release"
99              if: "success()"
100              env:
101                  GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
102                  NPM_TOKEN: "${{ secrets.NPM_AUTH_TOKEN }}"
103                  GIT_AUTHOR_NAME: "github-actions-shell"
104                  GIT_AUTHOR_EMAIL: "github-actions[bot]@users.noreply.github.com"
105                  GIT_COMMITTER_NAME: "github-actions-shell"
106                  GIT_COMMITTER_EMAIL: "github-actions[bot]@users.noreply.github.com"
107              run: "npx semantic-release"

To release multi package repositories, you need to install @anolilab/multi-semantic-release and semantic-release.

Multi package semantic-release example with pnpm

1# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
2
3name: "Semantic Release"
4
5on: # yamllint disable-line rule:truthy
6    push:
7        branches:
8            - "([0-9])?(.{+([0-9]),x}).x"
9            - "main"
10            - "next"
11            - "next-major"
12            - "alpha"
13            - "beta"
14
15# Enable this to use the github packages
16# yamllint disable-line rule:comments
17#env:
18#    package: "@${{ github.repository }}"
19#    registry_url: "https://npm.pkg.github.com"
20#    scope: "${{ github.repository_owner }}"
21
22jobs:
23    test:
24        strategy:
25            matrix:
26                os: ["ubuntu-latest"]
27                node_version: ["16", "18", "19", "20"]
28            fail-fast: false
29
30        name: "Build & Unit Test: node-${{ matrix.node_version }}, ${{ matrix.os }}"
31
32        runs-on: "${{ matrix.os }}"
33
34        steps:
35            - name: "Git checkout"
36              uses: "actions/checkout@v3"
37              env:
38                  GIT_COMMITTER_NAME: "GitHub Actions Shell"
39                  GIT_AUTHOR_NAME: "GitHub Actions Shell"
40                  EMAIL: "github-actions[bot]@users.noreply.github.com"
41
42            - uses: "pnpm/action-setup@v2.2.4"
43              with:
44                  version: 8
45                  run_install: false
46
47            - name: "Set node version to ${{ matrix.node_version }}"
48              uses: "actions/setup-node@v3"
49              with:
50                  node-version: "${{ matrix.node_version }}"
51                  cache: "pnpm"
52
53            - name: "Check npm version"
54              run: "npm -v"
55              env:
56                  SKIP_CHECK: "true"
57
58            - name: "Install packages"
59              run: "pnpm install --frozen-lockfile"
60              env:
61                  SKIP_CHECK: "true"
62
63            # - name: "Build"
64            #   run: "pnpm run build:packages"
65
66            # - name: "test and coverage"
67            #   run: "pnpm run test:coverage"
68
69    semantic-release:
70        name: "Semantic Release"
71
72        runs-on: "ubuntu-latest"
73
74        needs: ["test", "eslint"]
75
76        steps:
77            - name: "Git checkout"
78              uses: "actions/checkout@v3"
79              with:
80                  fetch-depth: 0
81                  persist-credentials: false
82              env:
83                  GIT_COMMITTER_NAME: "GitHub Actions Shell"
84                  GIT_AUTHOR_NAME: "GitHub Actions Shell"
85                  EMAIL: "github-actions[bot]@users.noreply.github.com"
86
87            - uses: "pnpm/action-setup@v2.2.4"
88              with:
89                  version: 8
90                  run_install: false
91
92            - name: "Use Node.js 16.x"
93              uses: "actions/setup-node@v3"
94              with:
95                  node-version: "16.x"
96                  cache: "pnpm"
97
98            - name: "Check npm version"
99              run: "npm -v"
100              env:
101                  SKIP_CHECK: "true"
102
103            - name: "Install packages"
104              run: "pnpm install --frozen-lockfile"
105
106            # - name: "Build Production"
107            #   run: "pnpm run build:prod:packages"
108
109            - name: "npm v8.5+ requires workspaces-update to be set to false"
110              run: "echo 'workspaces-update=false' >> .npmrc"
111
112            - name: "Semantic Release"
113              if: "success()"
114              env:
115                  GITHUB_TOKEN: "${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}"
116                  NPM_TOKEN: "${{ secrets.NPM_AUTH_TOKEN }}"
117                  GIT_AUTHOR_NAME: "github-actions-shell"
118                  GIT_AUTHOR_EMAIL: "github-actions[bot]@users.noreply.github.com"
119                  GIT_COMMITTER_NAME: "github-actions-shell"
120                  GIT_COMMITTER_EMAIL: "github-actions[bot]@users.noreply.github.com"
121              run: "pnpm exec multi-semantic-release"
122
123    pnpm-lock-update:
124        name: "pnpm-lock.yaml update"
125
126        runs-on: "ubuntu-latest"
127
128        needs: ["semantic-release"]
129
130        steps:
131            - name: "Git checkout"
132              uses: "actions/checkout@v3"
133              with:
134                  fetch-depth: 2
135              env:
136                  GIT_COMMITTER_NAME: "GitHub Actions Shell"
137                  GIT_AUTHOR_NAME: "GitHub Actions Shell"
138                  EMAIL: "github-actions[bot]@users.noreply.github.com"
139
140            - uses: "pnpm/action-setup@v2.2.4"
141              with:
142                  version: 8
143
144            - name: "Use Node.js 16.x"
145              uses: "actions/setup-node@v3"
146              with:
147                  node-version: "16.x"
148
149            - name: "Update pnpm lock"
150              run: "pnpm install --no-frozen-lockfile"
151
152            - name: "Commit modified files"
153              uses: "stefanzweifel/git-auto-commit-action@v4.16.0"
154              with:
155                  commit_message: "chore: updated pnpm-lock.yaml"
156                  commit_author: "prisis <d.bannert@anolilab.de>"
157                  commit_user_email: "d.bannert@anolilab.de"
158                  commit_user_name: "prisis"
159                  branch: "${{ github.head_ref }}"

Note on GitHub protected branches

If you’re releasing a GitHub protected branch you need to change the git committer to an owner/admin and allow repo admins to bypass the branch protection (make sure "include administrators" is disabled in the branch protection rules.)

If your repo is under an organisation, you can create a bot account and give it admin rights on the repo. If your repo is under a personal account, you have no choice to make the repo owner the commiter for the release.

Either way, you have to create a GitHub personal access token for the committer account and give it the "repo" access rights. Then set it to the GH_TOKEN secret in your GitHub repository.

Note: GitHub secrets not shared with forks and pull requests, so no one that doesn’t have write access to your repo can use of them.

Supported Node.js Versions

Libraries in this ecosystem make the best effort to track Node.js’ release schedule. Here’s a post on why we think this is important.

Contributing

If you would like to help take a look at the list of issues and check our Contributing guild.

Note: please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

Credits

License

The anolilab javascript-style-guide is open-sourced software licensed under the MIT license

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

Maintained

Determines if the project is "actively maintained".

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

SAST

Determines if the project uses static code analysis.

10

License

Determines if the project has defined a license.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

8

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 8

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-file-maintenance.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/lock-file-maintenance.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/preview-release.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/preview-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/semantic-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/semantic-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/anolilab/semantic-release/test.yml/main?enable=pin
Warn: downloadThenRun not pinned by hash: .github/workflows/lint.yml:257
Info: 25 out of 25 GitHub-owned GitHubAction dependencies pinned
Info: 43 out of 53 third-party GitHubAction dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:33
Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:34
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/lock-file-maintenance.yml:20
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/preview-release.yaml:22
Warn: jobLevel 'checks' permission set to 'write': .github/workflows/preview-release.yaml:24
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/require-allow-edits.yml:11
Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:31
Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:32
Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic-pull-request.yml:21
Warn: no topLevel permission defined: .github/workflows/allo-allo.yaml:1
Warn: no topLevel permission defined: .github/workflows/cache-clear.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
Info: topLevel 'contents' permission set to 'read': .github/workflows/comment-issue.yml:9
Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:17
Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:16
Info: topLevel 'contents' permission set to 'read': .github/workflows/lock-file-maintenance.yml:12
Warn: no topLevel permission defined: .github/workflows/lock-issues.yaml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/preview-release.yaml:8
Info: topLevel 'contents' permission set to 'read': .github/workflows/require-allow-edits.yml:6
Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:20
Info: topLevel 'contents' permission set to 'read': .github/workflows/semantic-pull-request.yml:15
Info: topLevel 'contents' permission set to 'read': .github/workflows/semantic-release.yml:16
Warn: no topLevel permission defined: .github/workflows/stale-issues.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:16

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.6

/10

Last Scanned on 2025-07-13T05:15:48Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More