Gathering detailed insights and metrics for @commitlint/cli
Gathering detailed insights and metrics for @commitlint/cli
Gathering detailed insights and metrics for @commitlint/cli
Gathering detailed insights and metrics for @commitlint/cli
npm install @commitlint/cli
Typescript
Module System
Min. Node Version
Node Version
NPM Version
87.3
Supply Chain
63.6
Quality
85.5
Maintenance
100
Vulnerability
95.6
License
TypeScript (90.61%)
JavaScript (9.39%)
Total Downloads
526,179,686
Last Day
208,927
Last Week
4,060,577
Last Month
17,287,017
Last Year
173,001,652
MIT License
17,683 Stars
3,061 Commits
929 Forks
63 Watchers
25 Branches
273 Contributors
Updated on Jul 06, 2025
Minified
Minified + Gzipped
Latest Version
19.8.1
Package Id
@commitlint/cli@19.8.1
Unpacked Size
31.69 kB
Size
9.52 kB
File Count
17
NPM Version
lerna/8.2.2/node@v18.20.8+arm64 (darwin)
Node Version
18.20.8
Published on
May 08, 2025
Cumulative downloads
Total Downloads
Last Day
-12.7%
208,927
Compared to previous day
Last Week
-9.1%
4,060,577
Compared to previous week
Last Month
6.8%
17,287,017
Compared to previous month
Last Year
37.1%
173,001,652
Compared to previous year
Lint commit messages
Demo generated with svg-term-cli
cat docs/assets/commitlint.json | svg-term --out docs/public/assets/commitlint.svg --frame --profile=Seti --height=20 --width=80
commitizen
npm
conventional-changelog
commitlint checks if your commit messages meet the conventional commit format.
In general the pattern mostly looks like this:
1type(scope?): subject #scope is optional; multiple scopes are supported (current delimiter options: "/", "\" and ",")
Real world examples can look like this:
1chore: run tests on travis ci
1fix(server): send cors headers
1feat(blog): add comment section
Common types according to commitlint-config-conventional (based on the Angular convention) can be:
These can be modified by your own configuration.
npm install --save-dev @commitlint/cli
.commitlintrc
.commitlintrc.json
.commitlintrc.yaml
.commitlintrc.yml
.commitlintrc.js
.commitlintrc.cjs
.commitlintrc.mjs
.commitlintrc.ts
.commitlintrc.cts
commitlint.config.js
commitlint.config.cjs
commitlint.config.mjs
commitlint.config.ts
commitlint.config.cts
commitlint
field in package.json
commitlint
field in package.yaml
Node v24 changes the way that modules are loaded, and this includes the commitlint config file. If your project does not contain a package.json
, commitlint may fail to load the config, resulting in a Please add rules to your commitlint.config.js
error message. This can be fixed by doing either of the following:
package.json
file, declaring your project as an ES6 module. This can be done easily by running npm init es6
.commitlint.config.js
to commitlint.config.mjs
.A number of shared configurations are available to install and use with commitlint
:
⚠️ If you want to publish your own shareable config then make sure it has a name aligning with the pattern
commitlint-config-emoji-log
orcommitlint-config-your-config-name
— then in extend all you have to write isemoji-log
oryour-config-name
.
Check the main website.
commitlint
commitlint
is considered stable and is used in various projects as a development tool.
>= 18
>= 2.13.2
Security patches will be applied to versions which are not yet EOL.
Features will only be applied to the current main version.
Release | Initial release |
---|---|
v19 | 02/2024 |
v18 | 10/2023 |
EOL is usually after around a year.
We're not a sponsored OSS project. Therefore we can't promise that we will release patch versions for older releases in a timely manner.
If you are stuck on an older version and need a security patch we're happy if you can provide a PR.
Copyright by @marionebl. All commitlint
packages are released under the MIT license.
commitlint
is developed in a mono repository.
1git clone git@github.com:conventional-changelog/commitlint.git 2cd commitlint 3yarn 4yarn run build # run build tasks 5yarn start # run tests, again on change 6yarn run commitlint # run CLI
For more information on how to contribute please take a look at our contribution guide.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
Reason
1 existing vulnerabilities detected
Details
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More