Gathering detailed insights and metrics for @commitlint/config-angular
Gathering detailed insights and metrics for @commitlint/config-angular
Installations
npm install @commitlint/config-angularDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=v18
Node Version
18.20.8
NPM Version
lerna/8.2.2/node@v18.20.8+arm64 (darwin)
Score
99.8
Supply Chain
97.5
Quality
87.3
Maintenance
100
Vulnerability
100
License
Releases
167
Languages
2
TypeScript
JavaScript
TypeScript (90.63%)
JavaScript (9.37%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
17,592 Stars
3,001 Commits
930 Forks
65 Watchers
25 Branches
273 Contributors
Updated on Jun 08, 2025
Bundle Size
825.00 B
Minified
446.00 B
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
19.8.1
Package Id
@commitlint/config-angular@19.8.1
Unpacked Size
6.03 kB
Size
2.46 kB
File Count
4
NPM Version
lerna/8.2.2/node@v18.20.8+arm64 (darwin)
Node Version
18.20.8
Published on
May 08, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
2
Get Started | Website
Lint commit messages
Demo generated with svg-term-cli
cat docs/assets/commitlint.json | svg-term --out docs/public/assets/commitlint.svg --frame --profile=Seti --height=20 --width=80
- 🚓 Be a good
commitizen - 📦 Share configuration via
npm - 🤖 Tap into
conventional-changelog
Contents
What is commitlint
commitlint checks if your commit messages meet the conventional commit format.
In general the pattern mostly looks like this:
1type(scope?): subject #scope is optional; multiple scopes are supported (current delimiter options: "/", "\" and ",")
Real world examples can look like this:
1chore: run tests on travis ci
1fix(server): send cors headers
1feat(blog): add comment section
Common types according to commitlint-config-conventional (based on the Angular convention) can be:
- build
- chore
- ci
- docs
- feat
- fix
- perf
- refactor
- revert
- style
- test
These can be modified by your own configuration.
Benefits of using commitlint
Getting started
- Local setup - Lint messages on commit with husky
- CI setup - Lint messages during CI builds
CLI
- Primary way to interact with commitlint.
npm install --save-dev @commitlint/cli- Packages: cli
Config
- Configuration is picked up from:
.commitlintrc.commitlintrc.json.commitlintrc.yaml.commitlintrc.yml.commitlintrc.js.commitlintrc.cjs.commitlintrc.mjs.commitlintrc.ts.commitlintrc.ctscommitlint.config.jscommitlint.config.cjscommitlint.config.mjscommitlint.config.tscommitlint.config.ctscommitlintfield inpackage.jsoncommitlintfield inpackage.yaml
- Packages: cli, core
- See Rules for a complete list of possible rules
- An example configuration can be found at @commitlint/config-conventional
Important note about Node 24+
Node v24 changes the way that modules are loaded, and this includes the commitlint config file. If your project does not contain a package.json, commitlint may fail to load the config, resulting in a Please add rules to your commitlint.config.js error message. This can be fixed by doing either of the following:
- Add a
package.jsonfile, declaring your project as an ES6 module. This can be done easily by runningnpm init es6. - Rename the config file from
commitlint.config.jstocommitlint.config.mjs.
Shared configuration
A number of shared configurations are available to install and use with commitlint:
- @commitlint/config-angular
- @commitlint/config-conventional
- @commitlint/config-lerna-scopes
- @commitlint/config-nx-scopes
- @commitlint/config-patternplate
- @commitlint/config-workspace-scopes
- conventional-changelog-lint-config-atom
- conventional-changelog-lint-config-canonical
⚠️ If you want to publish your own shareable config then make sure it has a name aligning with the pattern
commitlint-config-emoji-logorcommitlint-config-your-config-name— then in extend all you have to write isemoji-logoryour-config-name.
Documentation
Check the main website.
API
- Alternative, programmatic way to interact with
commitlint - Packages:
- See API for a complete list of methods and examples
Tools
Roadmap
commitlint is considered stable and is used in various projects as a development tool.
Version Support and Releases
- Node.js LTS
>= 18 - git
>= 2.13.2
Releases
Security patches will be applied to versions which are not yet EOL.
Features will only be applied to the current main version.
| Release | Initial release |
|---|---|
| v19 | 02/2024 |
| v18 | 10/2023 |
EOL is usually after around a year.
We're not a sponsored OSS project. Therefore we can't promise that we will release patch versions for older releases in a timely manner.
If you are stuck on an older version and need a security patch we're happy if you can provide a PR.
Related projects
- conventional-changelog Generate a changelog from conventional commit history
- commitizen Simple commit conventions for internet citizens
- create-semantic-module CLI for quickly integrating commitizen and commitlint in new or existing projects
License
Copyright by @marionebl. All commitlint packages are released under the MIT license.
Development
commitlint is developed in a mono repository.
Install and run
1git clone git@github.com:conventional-changelog/commitlint.git 2cd commitlint 3yarn 4yarn run build # run build tasks 5yarn start # run tests, again on change 6yarn run commitlint # run CLI
For more information on how to contribute please take a look at our contribution guide.
No vulnerabilities found.
Reason
30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: license.md:0
- Info: FSF or OSI recognized license: MIT License: license.md:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/container-build.yml:12
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Reason
Found 3/4 approved changesets -- score normalized to 7
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: containerImage not pinned by hash: Dockerfile.ci:1
- Warn: containerImage not pinned by hash: Dockerfile.ci:28: pin your Docker image by updating docker.io/library/node:18-alpine to docker.io/library/node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e
- Warn: containerImage not pinned by hash: Dockerfile.dev:1: pin your Docker image by updating brainpower/node-cubicle to brainpower/node-cubicle@sha256:6e49767749c600da4405b0acc7b7a7494db077f39f6464b904473d1068302542
- Warn: npmCommand not pinned by hash: Dockerfile.ci:31-34
- Warn: npmCommand not pinned by hash: .github/workflows/CI.yml:77
- Info: 11 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 containerImage dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/CI.yml:1
- Warn: no topLevel permission defined: .github/workflows/container-build.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/docs-deploy.yml:10
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
6.1
/10
Last Scanned on 2025-06-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More