Gathering detailed insights and metrics for @commitlint/parse
Gathering detailed insights and metrics for @commitlint/parse
Installations
npm install @commitlint/parseDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=v18
Node Version
18.20.8
NPM Version
lerna/8.2.2/node@v18.20.8+arm64 (darwin)
Score
94.2
Supply Chain
65.3
Quality
87
Maintenance
100
Vulnerability
99.3
License
Releases
167
Languages
2
TypeScript
JavaScript
TypeScript (90.63%)
JavaScript (9.37%)
Developer
Download Statistics
Total Downloads
532,874,197
Last Day
211,826
Last Week
4,134,872
Last Month
17,599,586
Last Year
173,751,898
GitHub Statistics
MIT License
17,593 Stars
3,001 Commits
930 Forks
65 Watchers
25 Branches
273 Contributors
Updated on Jun 09, 2025
Bundle Size
9.83 kB
Minified
3.55 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
19.8.1
Package Id
@commitlint/parse@19.8.1
Unpacked Size
4.51 kB
Size
2.27 kB
File Count
7
NPM Version
lerna/8.2.2/node@v18.20.8+arm64 (darwin)
Node Version
18.20.8
Published on
May 08, 2025
Total Downloads
Cumulative downloads
Total Downloads
532,874,197
Last Day
-12.3%
211,826
Compared to previous day
Last Week
-9%
4,134,872
Compared to previous week
Last Month
7.1%
17,599,586
Compared to previous month
Last Year
35.3%
173,751,898
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Get Started | Website
Lint commit messages
Demo generated with svg-term-cli
cat docs/assets/commitlint.json | svg-term --out docs/public/assets/commitlint.svg --frame --profile=Seti --height=20 --width=80
- 🚓 Be a good
commitizen - 📦 Share configuration via
npm - 🤖 Tap into
conventional-changelog
Contents
What is commitlint
commitlint checks if your commit messages meet the conventional commit format.
In general the pattern mostly looks like this:
1type(scope?): subject #scope is optional; multiple scopes are supported (current delimiter options: "/", "\" and ",")
Real world examples can look like this:
1chore: run tests on travis ci
1fix(server): send cors headers
1feat(blog): add comment section
Common types according to commitlint-config-conventional (based on the Angular convention) can be:
- build
- chore
- ci
- docs
- feat
- fix
- perf
- refactor
- revert
- style
- test
These can be modified by your own configuration.
Benefits of using commitlint
Getting started
- Local setup - Lint messages on commit with husky
- CI setup - Lint messages during CI builds
CLI
- Primary way to interact with commitlint.
npm install --save-dev @commitlint/cli- Packages: cli
Config
- Configuration is picked up from:
.commitlintrc.commitlintrc.json.commitlintrc.yaml.commitlintrc.yml.commitlintrc.js.commitlintrc.cjs.commitlintrc.mjs.commitlintrc.ts.commitlintrc.ctscommitlint.config.jscommitlint.config.cjscommitlint.config.mjscommitlint.config.tscommitlint.config.ctscommitlintfield inpackage.jsoncommitlintfield inpackage.yaml
- Packages: cli, core
- See Rules for a complete list of possible rules
- An example configuration can be found at @commitlint/config-conventional
Important note about Node 24+
Node v24 changes the way that modules are loaded, and this includes the commitlint config file. If your project does not contain a package.json, commitlint may fail to load the config, resulting in a Please add rules to your commitlint.config.js error message. This can be fixed by doing either of the following:
- Add a
package.jsonfile, declaring your project as an ES6 module. This can be done easily by runningnpm init es6. - Rename the config file from
commitlint.config.jstocommitlint.config.mjs.
Shared configuration
A number of shared configurations are available to install and use with commitlint:
- @commitlint/config-angular
- @commitlint/config-conventional
- @commitlint/config-lerna-scopes
- @commitlint/config-nx-scopes
- @commitlint/config-patternplate
- @commitlint/config-workspace-scopes
- conventional-changelog-lint-config-atom
- conventional-changelog-lint-config-canonical
⚠️ If you want to publish your own shareable config then make sure it has a name aligning with the pattern
commitlint-config-emoji-logorcommitlint-config-your-config-name— then in extend all you have to write isemoji-logoryour-config-name.
Documentation
Check the main website.
API
- Alternative, programmatic way to interact with
commitlint - Packages:
- See API for a complete list of methods and examples
Tools
Roadmap
commitlint is considered stable and is used in various projects as a development tool.
Version Support and Releases
- Node.js LTS
>= 18 - git
>= 2.13.2
Releases
Security patches will be applied to versions which are not yet EOL.
Features will only be applied to the current main version.
| Release | Initial release |
|---|---|
| v19 | 02/2024 |
| v18 | 10/2023 |
EOL is usually after around a year.
We're not a sponsored OSS project. Therefore we can't promise that we will release patch versions for older releases in a timely manner.
If you are stuck on an older version and need a security patch we're happy if you can provide a PR.
Related projects
- conventional-changelog Generate a changelog from conventional commit history
- commitizen Simple commit conventions for internet citizens
- create-semantic-module CLI for quickly integrating commitizen and commitlint in new or existing projects
License
Copyright by @marionebl. All commitlint packages are released under the MIT license.
Development
commitlint is developed in a mono repository.
Install and run
1git clone git@github.com:conventional-changelog/commitlint.git 2cd commitlint 3yarn 4yarn run build # run build tasks 5yarn start # run tests, again on change 6yarn run commitlint # run CLI
For more information on how to contribute please take a look at our contribution guide.
No vulnerabilities found.
Reason
30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: license.md:0
- Info: FSF or OSI recognized license: MIT License: license.md:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/container-build.yml:12
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Reason
Found 3/4 approved changesets -- score normalized to 7
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: containerImage not pinned by hash: Dockerfile.ci:1
- Warn: containerImage not pinned by hash: Dockerfile.ci:28: pin your Docker image by updating docker.io/library/node:18-alpine to docker.io/library/node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e
- Warn: containerImage not pinned by hash: Dockerfile.dev:1: pin your Docker image by updating brainpower/node-cubicle to brainpower/node-cubicle@sha256:6e49767749c600da4405b0acc7b7a7494db077f39f6464b904473d1068302542
- Warn: npmCommand not pinned by hash: Dockerfile.ci:31-34
- Warn: npmCommand not pinned by hash: .github/workflows/CI.yml:77
- Info: 11 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 containerImage dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/CI.yml:1
- Warn: no topLevel permission defined: .github/workflows/container-build.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/docs-deploy.yml:10
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
6.1
/10
Last Scanned on 2025-06-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More