Gathering detailed insights and metrics for @semantic-release/changelog
Gathering detailed insights and metrics for @semantic-release/changelog
📘 semantic-release plugin to create or update a changelog file
Installations
npm install @semantic-release/changelogDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=14.17
Node Version
18.15.0
NPM Version
8.19.4
Releases
25
Languages
1
JavaScript
JavaScript (100%)
Developer
semantic-release
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
321 Stars
308 Commits
29 Forks
3 Watchers
16 Branches
17 Contributors
Updated on Jul 06, 2025
Maintainers
4
Package Meta Information
Latest Version
6.0.3
Package Id
@semantic-release/changelog@6.0.3
Unpacked Size
10.30 kB
Size
3.71 kB
File Count
9
NPM Version
8.19.4
Node Version
18.15.0
Published on
Mar 23, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Peer Dependencies
1
Dev Dependencies
8
@semantic-release/changelog
semantic-release plugin to create or update a changelog file.
| Step | Description |
|---|---|
verifyConditions | Verify the changelogFile and changelogTitle options configuration. |
prepare | Create or update a changelog file in the local project directory with the changelog content created in the generate notes step. |
Install
1$ npm install @semantic-release/changelog -D
Usage
The plugin can be configured in the semantic-release configuration file:
1{ 2 "plugins": [ 3 "@semantic-release/commit-analyzer", 4 "@semantic-release/release-notes-generator", 5 [ 6 "@semantic-release/changelog", 7 { 8 "changelogFile": "docs/CHANGELOG.md" 9 } 10 ], 11 [ 12 "@semantic-release/git", 13 { 14 "assets": ["docs/CHANGELOG.md"] 15 } 16 ] 17 ] 18}
With this example, for each release, a docs/CHANGELOG.md will be created or updated.
Configuration
Options
| Options | Description | Default |
|---|---|---|
changelogFile | File path of the changelog. | CHANGELOG.md |
changelogTitle | Title of the changelog file (first line of the file). | - |
Examples
When used with the @semantic-release/git or @semantic-release/npm plugins the @semantic-release/changelog plugin must be called first in order to update the changelog file so the @semantic-release/git and @semantic-release/npm plugins can include it in the release.
1{ 2 "plugins": [ 3 "@semantic-release/commit-analyzer", 4 "@semantic-release/release-notes-generator", 5 "@semantic-release/changelog", 6 "@semantic-release/npm", 7 "@semantic-release/git" 8 ] 9}
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
all dependencies are pinned
Details
- Info: 6 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:12
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/semantic-release/.github/.github/SECURITY.md:1
- Info: Found linked content: github.com/semantic-release/.github/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/semantic-release/.github/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/semantic-release/.github/.github/SECURITY.md:1
Reason
Found 2/3 approved changesets -- score normalized to 6
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:10
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Score
5.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More