Installations
npm install @dgc-org/commitlint-config-conventional-changelog-for-jiraDeveloper Guide
Typescript
No
Module System
CommonJS
Node Version
14.18.1
NPM Version
6.14.15
Score
68.9
Supply Chain
99.2
Quality
82.3
Maintenance
100
Vulnerability
100
License
Releases
Contributors
Unable to fetch Contributors
Languages
JavaScript (89.06%)
Shell (10.94%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
cyberscan
Download Statistics
Total Downloads
52,735
Last Day
69
Last Week
336
Last Month
1,244
Last Year
17,990
GitHub Statistics
MIT License
1 Stars
22 Commits
6 Watchers
5 Branches
1 Contributors
Updated on Jul 22, 2022
Maintainers
Package Meta Information
Latest Version
1.2.6
Package Id
@dgc-org/commitlint-config-conventional-changelog-for-jira@1.2.6
Unpacked Size
9.97 kB
Size
3.70 kB
File Count
5
NPM Version
6.14.15
Node Version
14.18.1
Total Downloads
Cumulative downloads
Total Downloads
52,735
Last Day
-1.4%
69
Compared to previous day
Last Week
-1.2%
336
Compared to previous week
Last Month
33%
1,244
Compared to previous month
Last Year
-22.3%
17,990
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
@dgc-org/commitlint-config-conventional-changelog-for-jira
Shareable commitlint config enforcing the Angular commit convention and Jira Smart Commit Syntax. Based on @commitlint/config-angular.
Use with @dgc-org/cz-conventional-changelog-for-jira, @commitlint/cli.
Getting started
1npm install --save-dev @dgc-org/commitlint-config-conventional-changelog-for-jira @commitlint/cli 2echo "module.exports = {extends: ['@dgc-org/commitlint-config-conventional-changelog-for-jira']};" > commitlint.config.js
Disabling commitlint
In some cases it might be useful to be able to skip linting, e.g. when lacking access to Jira or having to do nasty things in GitOps. This configuration skips the linting process altogether if either of these conditions are satisfied:
- Commit message starts with
WIP:, e.g.WIP: the office is burning down, need to save my work - Environment variable
COMMITLINT_DISABLEis set totrue(case-insensitive) or1
This mechanism should only be used in situations where there's no alternative to it, rather than to ignore fixable validation failures.
Rules
Problems
The following rules are considered problems for @dgc-org/commitlint-config-conventional-changelog-for-jira and will yield a non-zero exit code when not met.
Consult docs/rules for a list of available rules.
type-enum
- condition:
typeis found in value - rule:
always - value
1[ 2 "feat", 3 "fix", 4 "docs", 5 "refactor", 6 "test", 7 "style", 8 "build", 9 "ci", 10 "chore", 11 "revert", 12 "perf", 13 "wip", 14]
1echo "foo: some message" # fails 2echo "fix: some message" # passes
type-case
- description:
typeis in casevalue - rule:
always - value
1'lowerCase'
1echo "FIX: some message" # fails 2echo "fix: some message" # passes
type-empty
- condition:
typeis empty - rule:
never
1echo ": some message" # fails 2echo "fix: some message" # passes
scope-case
- condition:
scopeis in casevalue - rule:
always
1'lowerCase'
1echo "fix(SCOPE): some message" # fails 2echo "fix(scope): some message" # passes
subject-case
- condition:
subjectis in one of the cases['sentence-case', 'start-case', 'pascal-case', 'upper-case'] - rule:
never
1echo "fix(SCOPE): Some message" # fails 2echo "fix(SCOPE): Some Message" # fails 3echo "fix(SCOPE): SomeMessage" # fails 4echo "fix(SCOPE): SOMEMESSAGE" # fails 5echo "fix(scope): some message" # passes 6echo "fix(scope): some Message" # passes
subject-empty
- condition:
subjectis empty - rule:
never
1echo "fix:" # fails 2echo "fix: some message" # passes
subject-full-stop
- condition:
subjectends withvalue - rule:
never - value
1'.'
1echo "fix: some message." # fails 2echo "fix: some message" # passes
header-max-length
- condition:
headerhasvalueor less characters - rule:
always - value
172
1echo "fix: some message that is way too long and breaks the line max-length by several characters" # fails 2echo "fix: some message" # passes
Warnings
The following rules are considered warnings for @dgc-org/commitlint-config-conventional-changelog-for-jira and will print warning messages when not met.
body-leading-blank
- condition: Body begins with blank line
- rule:
always
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
Found 0/22 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cyberscan/commitlint-config-conventional-changelog-for-jira/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cyberscan/commitlint-config-conventional-changelog-for-jira/release.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
2.5
/10
Last Scanned on 2025-02-17
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More