Gathering detailed insights and metrics for @tmware/semantic-release-npm-github-publish
Gathering detailed insights and metrics for @tmware/semantic-release-npm-github-publish
Github template for sharable configuration of semantic-release It helps with publishing to npm & github , generates changelog & release notes for any type of keywords.
Installations
npm install @tmware/semantic-release-npm-github-publishDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=18
Node Version
18.16.0
NPM Version
9.8.0
Score
26.1
Supply Chain
88.5
Quality
69.8
Maintenance
50
Vulnerability
94.1
License
Releases
11
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
134 Commits
11 Branches
Updated on Oct 05, 2023
Maintainers
1
Package Meta Information
Latest Version
1.5.6
Package Id
@tmware/semantic-release-npm-github-publish@1.5.6
Unpacked Size
11.76 kB
Size
4.31 kB
File Count
7
NPM Version
9.8.0
Node Version
18.16.0
Published on
Jul 18, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
semantic-release-npm-github-publish
Semantic-release shareable configuration for easy publishing to NPM, Github or Github Package Registry.
About
This sharable configuration conforms to angular standard
- Using @semantic-release/commit-analyzer ensures that commits are conformed to the conventional commits specification.
- PATCH version created if any of build, ci, chore, docs, refactor, style, test commit types pushed to master
- MINOR version created if fix commit type pushed
- MAJOR version created if feat commit type pushed
- Publishes the new version to NPM.
- Bumps a version in package.json.
- Generates or updates a changelog file including all PATCH keywords (not included in default angular package).
- Releases new release for NPM & Github.
This repository can be also used as a template repository for creation of sharable semantic-release configurations.
Install
- Install
semantic-release:
1npm install --save-dev semantic-release
- Add
semantic-releaseto scripts:
1"scripts": { 2 "semantic-release": "semantic-release" 3}
- Install
semantic-release-npm-github-publish:
1npm install --save-dev @tmware/semantic-release-npm-github-publish
- Add
npx semantic-releaseto a "Release" step of your CD setup
Usage
To use this sharable config, extend your semantic release configuration in .releaserc.yaml:
1branch: master 2ci: false 3dryRun: false 4debug: false 5extends: "@tmware/semantic-release-npm-github-publish"
Contributing
Contributions, issues and feature requests are welcome!
Feel free to check issues page.
Build with
This README was generated with ❤️ by readme-md-generator
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
Found 2/16 approved changesets -- score normalized to 1
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/test-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/TMWare/semantic-release-npm-github-publish/test-release.yml/master?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Score
3
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More