Gathering detailed insights and metrics for @conventional-commits/parser
Gathering detailed insights and metrics for @conventional-commits/parser
reference implementation of conventionalcommits.org spec
Installations
npm install @conventional-commits/parserDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
14.15.1
NPM Version
6.14.8
Score
99.5
Supply Chain
97.9
Quality
77.8
Maintenance
100
Vulnerability
100
License
Releases
5
@conventional-commits/parser v0.4.1
v0.4.1
Updated on Jan 07, 2021
@conventional-commits/parser v0.4.0
v0.4.0
Updated on Jan 07, 2021
@conventional-commits/parser v0.3.0
v0.3.0
Updated on Dec 30, 2020
@conventional-commits/parser v0.2.0
v0.2.0
Updated on Dec 28, 2020
initial release
v0.1.0
Updated on Dec 28, 2020
Languages
1
JavaScript
JavaScript (100%)
Developer
conventional-commits
Download Statistics
Total Downloads
10,818,227
Last Day
14,174
Last Week
104,350
Last Month
435,406
Last Year
9,171,583
GitHub Statistics
ISC License
49 Stars
31 Commits
8 Forks
5 Watchers
6 Branches
11 Contributors
Updated on May 20, 2025
Bundle Size
8.43 kB
Minified
2.82 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
0.4.1
Package Id
@conventional-commits/parser@0.4.1
Unpacked Size
28.16 kB
Size
7.98 kB
File Count
11
NPM Version
6.14.8
Node Version
14.15.1
Total Downloads
Cumulative downloads
Total Downloads
10,818,227
Last Day
610.1%
14,174
Compared to previous day
Last Week
-10.5%
104,350
Compared to previous week
Last Month
-15%
435,406
Compared to previous month
Last Year
785.4%
9,171,583
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Conventional Commits Parser
Reference implementation of Conventional Commits specification.
Outputs a tree structure based on the unist specification.
Install
npm i @conventional-commits/parser
Usage
1const {parser} = require('@conventional-commits/parser') 2const ast = parser('feat(parser): add support for scopes')
API
parser(text: string)
Runs conventional commits parser on the string provided.
- Returns: Object adhering to unist spec.
toConventionalChangelogFormat(ast: object)
Given an object, representing the parsed commit messages in unist format,
returns an object useable by the conventional-changelog ecosystem of libraries.
The Grammar
The parser is based on the following grammar. An effort is made to keep this in sync with the written specification on conventionalcommits.org.
1/* See: https://tools.ietf.org/html/rfc3629#section-4 */ 2<UTF8-char> ::= "Placeholder for UTF-8 grammar" 3<UTF8-octets> ::= <UTF8char>+ 4 5<CR> ::= "0x000D" 6<LF> ::= "0x000A" 7<newline> ::= [<CR>], <LF> 8<parens> ::= "(" | ")" 9<ZWNBSP> ::= "U+FEFF" 10<TAB> ::= "U+0009" 11<VT> ::= "U+000B" 12<FF> ::= "U+000C" 13<SP> ::= "U+0020" 14<NBSP> ::= "U+00A0" 15/* See: https://www.ecma-international.org/ecma-262/11.0/index.html#sec-white-space */ 16<USP> ::= "Any other Unicode 'Space_Separator' code point" 17/* Any non-newline whitespace: */ 18<whitespace> ::= <ZWNBSP> | <TAB> | <VT> | <FF> | <SP> | <NBSP> | <USP> 19 20<message> ::= <summary>, <newline>+, <body>, (<newline>+, <footer>)* 21 | <summary>, (<newline>+, <footer>)* 22 | <summary>, <newline>* 23 24/* "!" should be added to the AST as a <breaking-change> node with the value "!" */ 25<summary> ::= <type>, "(", <scope>, ")", ["!"], ":", <whitespace>*, <text> 26 | <type>, ["!"], ":", <whitespace>*, <text> 27<type> ::= <any UTF8-octets except newline or parens or ":" or "!:" or whitespace>+ 28<scope> ::= <any UTF8-octets except newline or parens>+ 29<text> ::= <any UTF8-octets except newline>* 30 31 32<body> ::= [<any body-text except pre-footer>], <newline>, <body>* 33 | [<any body-text except pre-footer>] 34/* For convenience the <breaking-change>, <separator>, <whitespace>, and 35 * <text> tokens of <body-text> should be appended as children to <body> */ 36<body-text> ::= [<breaking-change>, ":", <whitespace>*], text 37/* Note: <pre-footer> is used during parsing, but not returned in the AST. */ 38<pre-footer> ::= <newline>+, <footer> 39 40<footer> ::= <token>, <separator>, <whitespace>*, <value> 41/* "!" should be added to the AST as a <breaking-change> node with the value "!" */ 42<token> ::= <breaking-change> 43 | <type>, "(" <scope> ")", ["!"] 44 | <type>, ["!"] 45<separator> ::= ":" | " #" 46<value> ::= <text>, <continuation>+ 47 | <text> 48<continuation> ::= <newline>, <whitespace>+, <text> 49 50<breaking-change> ::= "BREAKING CHANGE" | "BREAKING-CHANGE"
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.txt:0
Reason
Found 19/26 approved changesets -- score normalized to 7
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/conventional-commits/.github/SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/conventional-commits/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/conventional-commits/.github/SECURITY.md:1
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-commits/parser/release-please.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:39
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:21
- Warn: npmCommand not pinned by hash: .github/workflows/release-please.yml:27
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Score
4.9
/10
Last Scanned on 2025-05-26
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More