Gathering detailed insights and metrics for @conventional-commits/parser
Gathering detailed insights and metrics for @conventional-commits/parser
Installations
npm install @conventional-commits/parserReleases
5
@conventional-commits/parser v0.4.1
v0.4.1
Published on 07 Jan 2021
@conventional-commits/parser v0.4.0
v0.4.0
Published on 07 Jan 2021
@conventional-commits/parser v0.3.0
v0.3.0
Published on 30 Dec 2020
@conventional-commits/parser v0.2.0
v0.2.0
Published on 28 Dec 2020
initial release
v0.1.0
Published on 28 Dec 2020
Developer
conventional-commits
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
14.15.1
NPM Version
6.14.8
Statistics
46 Stars
29 Commits
7 Forks
5 Watching
6 Branches
8 Contributors
Updated on 29 Oct 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
6,066,806
Last day
-9.4%
45,171
Compared to previous day
Last week
-17.2%
220,639
Compared to previous week
Last month
-1.8%
1,166,109
Compared to previous month
Last year
687.9%
5,064,443
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Conventional Commits Parser
Reference implementation of Conventional Commits specification.
Outputs a tree structure based on the unist specification.
Install
npm i @conventional-commits/parser
Usage
1const {parser} = require('@conventional-commits/parser') 2const ast = parser('feat(parser): add support for scopes')
API
parser(text: string)
Runs conventional commits parser on the string provided.
- Returns: Object adhering to unist spec.
toConventionalChangelogFormat(ast: object)
Given an object, representing the parsed commit messages in unist format,
returns an object useable by the conventional-changelog ecosystem of libraries.
The Grammar
The parser is based on the following grammar. An effort is made to keep this in sync with the written specification on conventionalcommits.org.
1/* See: https://tools.ietf.org/html/rfc3629#section-4 */ 2<UTF8-char> ::= "Placeholder for UTF-8 grammar" 3<UTF8-octets> ::= <UTF8char>+ 4 5<CR> ::= "0x000D" 6<LF> ::= "0x000A" 7<newline> ::= [<CR>], <LF> 8<parens> ::= "(" | ")" 9<ZWNBSP> ::= "U+FEFF" 10<TAB> ::= "U+0009" 11<VT> ::= "U+000B" 12<FF> ::= "U+000C" 13<SP> ::= "U+0020" 14<NBSP> ::= "U+00A0" 15/* See: https://www.ecma-international.org/ecma-262/11.0/index.html#sec-white-space */ 16<USP> ::= "Any other Unicode 'Space_Separator' code point" 17/* Any non-newline whitespace: */ 18<whitespace> ::= <ZWNBSP> | <TAB> | <VT> | <FF> | <SP> | <NBSP> | <USP> 19 20<message> ::= <summary>, <newline>+, <body>, (<newline>+, <footer>)* 21 | <summary>, (<newline>+, <footer>)* 22 | <summary>, <newline>* 23 24/* "!" should be added to the AST as a <breaking-change> node with the value "!" */ 25<summary> ::= <type>, "(", <scope>, ")", ["!"], ":", <whitespace>*, <text> 26 | <type>, ["!"], ":", <whitespace>*, <text> 27<type> ::= <any UTF8-octets except newline or parens or ":" or "!:" or whitespace>+ 28<scope> ::= <any UTF8-octets except newline or parens>+ 29<text> ::= <any UTF8-octets except newline>* 30 31 32<body> ::= [<any body-text except pre-footer>], <newline>, <body>* 33 | [<any body-text except pre-footer>] 34/* For convenience the <breaking-change>, <separator>, <whitespace>, and 35 * <text> tokens of <body-text> should be appended as children to <body> */ 36<body-text> ::= [<breaking-change>, ":", <whitespace>*], text 37/* Note: <pre-footer> is used during parsing, but not returned in the AST. */ 38<pre-footer> ::= <newline>+, <footer> 39 40<footer> ::= <token>, <separator>, <whitespace>*, <value> 41/* "!" should be added to the AST as a <breaking-change> node with the value "!" */ 42<token> ::= <breaking-change> 43 | <type>, "(" <scope> ")", ["!"] 44 | <type>, ["!"] 45<separator> ::= ":" | " #" 46<value> ::= <text>, <continuation>+ 47 | <text> 48<continuation> ::= <newline>, <whitespace>+, <text> 49 50<breaking-change> ::= "BREAKING CHANGE" | "BREAKING-CHANGE"
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.txt:0
Reason
Found 17/25 approved changesets -- score normalized to 6
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/conventional-commits/.github/SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/conventional-commits/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/conventional-commits/.github/SECURITY.md:1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/release-please.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:21
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:39
- Warn: npmCommand not pinned by hash: .github/workflows/release-please.yml:27
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
4.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More