npmpackage.info

Gathering detailed insights and metrics for @wavevision/semantic-release

@wavevision/semantic-release

🔖 Semantic Release setup for Wavevision apps

2.0.2

MIT

JavaScript

21.53 kB

6,954 2.8

Installations

npm install @wavevision/semantic-release

Developer Guide

BETA

Typescript

No

Module System

N/A

Node Version

12.19.0

NPM Version

6.14.11 Score

23.3

Supply Chain

53.5

Quality

67.5

Maintenance

Vulnerability

90.8

License

Pull Requests

Open

0

Total

5

Closed

0

Merged

5

Issues

Open

0

Total

3

Closed

3

Releases

2.0.2

Published on 23 Feb 2021

2.0.1

Published on 18 Feb 2021

2.0.0

Published on 12 Feb 2021

1.2.0

Published on 12 Feb 2021

1.1.1

Published on 10 Feb 2021

1.1.0

Published on 08 Feb 2021

View all 9 releases

Contributors

Unable to fetch Contributors

View all 3 contributors

Languages

JavaScript

Handlebars

Shell

JavaScript (89.79%)

Handlebars (9.23%)

Shell (0.98%)

Developer

wavevision

Download Statistics

Total Downloads

6,954

Last Day

Last Week

Last Month

Last Year

2,513

GitHub Statistics

1 Stars

71 Commits

3 Watching

2 Branches

3 Contributors

Maintainers

Package Meta Information

Latest Version

2.0.2

Package Id

@wavevision/semantic-release@2.0.2

Unpacked Size

21.53 kB

Size

7.46 kB

File Count

NPM Version

6.14.11

Node Version

12.19.0

Total Downloads

Cumulative downloads

Total Downloads

6,954

Last day

-88.9%

Compared to previous day

Last week

-45.5%

Compared to previous week

Last month

131.3%

Compared to previous month

Last year

-11.1%

2,513

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@semantic-release/git @semantic-release/github @semantic-release/gitlab @semantic-release/npm commitizen commitlint commitlint-config-gitmoji cz-emoji husky schema-utils semantic-release semantic-release-gitmoji

Dev Dependencies

@wavevision/coding-standard ava mock-fs npm-run-all nyc

Versions

Semantic Release

Semantic Release setup for Wavevision apps to maintain conventional commits and releases using gitmoji. The package contains bootstrap and configs for:

Installation

1yarn add --dev @wavevision/semantic-release

Usage

First, use setup scripts that come with this package.

yarn setup-commitizen – setup commitizen config
yarn setup-gitflow – setup gitflow-avh branches
yarn setup-husky – setup husky hooks for linting your commit messages

Then, create necessary configs in your project root.

`release.config.js`

This is the main config for semantic-release. Require makeConfig function from @wavevision/semantic-release/config to bootstrap your project config. The function accepts single options parameter which is an object with following shape:

1type Options = {
2  config: 'gitlab' | 'github'; // needed to setup correct release plugin
3  branches: string[]; // list of branches on which releases should happen
4  rules?: {
5    // map gitmoji to specific release types
6    major?: string[] | { exclude?: string[]; include?: string[] };
7    minor?: string[] | { exclude?: string[]; include?: string[] };
8    patch?: string[] | { exclude?: string[]; include?: string[] };
9  };
10  templates?: {
11    notes?: string; // release notes .hbs template content
12    commit?: string; // commit .hbs template content
13  };
14  git?: {
15    enabled: boolean; // enable @semantic-release/git plugin
16    assets?: string[]; // relative paths to assets to be commited with a release
17  };
18  npm?: {
19    enabled: boolean; // enable @semantic-release/npm plugin
20  };
21};

Example

1const makeConfig = require('@wavevision/semantic-release/config');
2const {
3  CONFIG_GITHUB,
4} = require('@wavevision/semantic-release/config/constants');
5
6module.exports = makeConfig({
7  config: CONFIG_GITHUB,
8  branches: ['master'],
9  git: { enabled: true, assets: ['package.json'] },
10  npm: { enabled: true },
11});

This will bootstrap semantic-release for GitHub repository in which releases will happen on master branch. Each new release will change version property inside package.json which will be then committed to the repository. Also, if your package.json does not set private: true, an npm package will be published.

Note: See this FAQ to learn about setting npm published package access.

The gitmoji release rules are by default:

major = [:boom:]
minor = [:sparkles:]
patch = [:bug:, :ambulance:, :lock:]

Templates

The package contains a helper to stringify .hbs templates content from a folder you define. Use it as follows.

1const { makeTemplate } = require('@wavevision/semantic-release/config/utils');
2
3const template = makeTemplate('path', 'to', 'templates');
4template('notes'); // will return content from path/to/templates/notes.hbs

Constants

As shown in the example @wavevision/semantic-release/config/constants exports set of useful constants to be used with the configuration. See all of them in that module.

`commitlint.config.js`

Simply use the config from this package.

1module.exports = require('@wavevision/semantic-release/commitlint');

Commit CLI

The package also contains bootstrapped commitizen CLI which will help you assemble valid gitmoji commit messages through a simple prompt. Simply run yarn commit and follow the steps.

Note: Longer description, breaking change commit body and list of issues closed are not required.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

60 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-4r62-v4vq-hr96
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-x2pg-mjhr-2m5x
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

2.8

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More