Installations
npm install @commitlint/lintDeveloper
Developer Guide
Module System
ESM
Min. Node Version
>=v18
Typescript Support
Yes
Node Version
18.20.4
NPM Version
lerna/6.4.1/node@v18.20.4+arm64 (darwin)
Statistics
16,931 Stars
2,800 Commits
912 Forks
68 Watching
23 Branches
266 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (91.48%)
JavaScript (8.52%)
Total Downloads
Cumulative downloads
Total Downloads
441,327,563
Last day
-4%
696,962
Compared to previous day
Last week
2.3%
3,997,102
Compared to previous week
Last month
15.8%
16,234,394
Compared to previous month
Last year
24%
148,272,398
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
2
Get Started | Website
Lint commit messages
Demo generated with svg-term-cli
cat docs/assets/commitlint.json | svg-term --out docs/public/assets/commitlint.svg --frame --profile=Seti --height=20 --width=80
- 🚓 Be a good
commitizen - 📦 Share configuration via
npm - 🤖 Tap into
conventional-changelog
Contents
What is commitlint
commitlint checks if your commit messages meet the conventional commit format.
In general the pattern mostly looks like this:
1type(scope?): subject #scope is optional; multiple scopes are supported (current delimiter options: "/", "\" and ",")
Real world examples can look like this:
1chore: run tests on travis ci
1fix(server): send cors headers
1feat(blog): add comment section
Common types according to commitlint-config-conventional (based on the Angular convention) can be:
- build
- chore
- ci
- docs
- feat
- fix
- perf
- refactor
- revert
- style
- test
These can be modified by your own configuration.
Benefits of using commitlint
Getting started
- Local setup - Lint messages on commit with husky
- CI setup - Lint messages during CI builds
CLI
- Primary way to interact with commitlint.
npm install --save-dev @commitlint/cli- Packages: cli
Config
- Configuration is picked up from:
.commitlintrc.commitlintrc.json.commitlintrc.yaml.commitlintrc.yml.commitlintrc.js.commitlintrc.cjs.commitlintrc.mjs.commitlintrc.ts.commitlintrc.ctscommitlint.config.jscommitlint.config.cjscommitlint.config.mjscommitlint.config.tscommitlint.config.ctscommitlintfield inpackage.jsoncommitlintfield inpackage.yaml
- Packages: cli, core
- See Rules for a complete list of possible rules
- An example configuration can be found at @commitlint/config-conventional
Shared configuration
A number of shared configurations are available to install and use with commitlint:
- @commitlint/config-angular
- @commitlint/config-conventional
- @commitlint/config-lerna-scopes
- @commitlint/config-nx-scopes
- @commitlint/config-patternplate
- conventional-changelog-lint-config-atom
- conventional-changelog-lint-config-canonical
⚠️ If you want to publish your own shareable config then make sure it has a name aligning with the pattern
commitlint-config-emoji-logorcommitlint-config-your-config-name— then in extend all you have to write isemoji-logoryour-config-name.
Documentation
Check the main website.
API
- Alternative, programmatic way to interact with
commitlint - Packages:
- See API for a complete list of methods and examples
Tools
Roadmap
commitlint is considered stable and is used in various projects as a development tool.
Version Support and Releases
- Node.js LTS
>= 18 - git
>= 2.13.2
Releases
Security patches will be applied to versions which are not yet EOL.
Features will only be applied to the current main version.
| Release | Initial release |
|---|---|
| v19 | 02/2024 |
| v18 | 10/2023 |
EOL is usually after around a year.
We're not a sponsored OSS project. Therefore we can't promise that we will release patch versions for older releases in a timely manner.
If you are stuck on an older version and need a security patch we're happy if you can provide a PR.
Related projects
- conventional-changelog Generate a changelog from conventional commit history
- commitizen Simple commit conventions for internet citizens
- create-semantic-module CLI for quickly integrating commitizen and commitlint in new or existing projects
License
Copyright by @marionebl. All commitlint packages are released under the MIT license.
Development
commitlint is developed in a mono repository.
Install and run
1git clone git@github.com:conventional-changelog/commitlint.git 2cd commitlint 3yarn 4yarn run build # run build tasks 5yarn start # run tests, again on change 6yarn run commitlint # run CLI
For more information on how to contribute please take a look at our contribution guide.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: license.md:0
- Info: FSF or OSI recognized license: MIT License: license.md:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/container-build.yml:12
Reason
Found 9/11 approved changesets -- score normalized to 8
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/CI.yml:1
- Warn: no topLevel permission defined: .github/workflows/container-build.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/docs-deploy.yml:10
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/container-build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/container-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/container-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/container-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/container-build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/container-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/container-build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/container-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/container-build.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/container-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/container-build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/container-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/docs-deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/docs-deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/docs-deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/docs-deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/commitlint/docs-deploy.yml/master?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile.ci:1
- Warn: containerImage not pinned by hash: Dockerfile.ci:28: pin your Docker image by updating docker.io/library/node:18-alpine to docker.io/library/node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
- Warn: containerImage not pinned by hash: Dockerfile.dev:1: pin your Docker image by updating brainpower/node-cubicle to brainpower/node-cubicle@sha256:6e49767749c600da4405b0acc7b7a7494db077f39f6464b904473d1068302542
- Warn: npmCommand not pinned by hash: Dockerfile.ci:31-34
- Warn: npmCommand not pinned by hash: .github/workflows/CI.yml:77
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 containerImage dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
5.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More