npmpackage.info

Gathering detailed insights and metrics for @xerox/commitlint-config

@xerox/commitlint-config - 3.1.3 | npmpackage.info

@xerox/commitlint-config

Monorepo for Xerox shareable configurations.

3.1.3

MIT

JavaScript

20.44 kB

2.8

Installations

npm install @xerox/commitlint-config

Developer Guide

BETA

Typescript

No

Module System

N/A

Node Version

14.20.0

NPM Version

lerna/5.1.8/node@v14.20.0+x64 (linux)

Pull Requests

Open

20

Total

1,330

Closed

259

Merged

1,051

Issues

Open

1

Total

3

Closed

2

Releases

188

@xerox/stylelint-config@3.0.7

Updated on Nov 10, 2023

@xerox/semantic-release-config@4.0.7

Updated on Nov 10, 2023

@xerox/prettier-config@4.0.4

Updated on Nov 10, 2023

@xerox/eslint-config@5.0.7

Updated on Nov 10, 2023

@xerox/cli@2.0.7

Updated on Nov 10, 2023

@xerox/browserslist-config@2.0.5

Updated on Nov 10, 2023

View All 188 releases

Languages

JavaScript

TypeScript

JavaScript (96.59%)

TypeScript (3.41%)

Developer

xeroxinteractive

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

6 Stars

2,344 Commits

5 Watchers

35 Branches

7 Contributors

Updated on Jan 13, 2024

Maintainers

View All 7 Contributors

Package Meta Information

Latest Version

3.1.3

Package Id

@xerox/commitlint-config@3.1.3

Unpacked Size

20.44 kB

Size

3.99 kB

File Count

NPM Version

lerna/5.1.8/node@v14.20.0+x64 (linux)

Node Version

14.20.0

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@commitlint/cli @commitlint/config-conventional

Peer Dependencies

husky

@xerox/commitlint-config

commitlint shareable config for Xerox projects

Usage

Install this config and @commitlint/cli and husky in devDependency:

1yarn add @xerox/commitlint-config @commitlint/cli husky --dev
2# or
3npm install @xerox/commitlint-config @commitlint/cli husky --save-dev

Extend this configuration:

1// package.json
2{
3  // ...
4  "commitlint": {
5    "extends": [
6      "@xerox/commitlint-config"
7    ]
8  },
9  // ...
10}

Create a .huskyrc.js file in your project root with the following contents:

1module.exports = require('@xerox/commitlint-config/.huskyrc.json');
2

LICENSE | CHANGELOG

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browserslist-stats-cron.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/browserslist-stats-cron.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browserslist-stats-cron.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/browserslist-stats-cron.yml/release?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/browserslist-stats-cron.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/browserslist-stats-cron.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browserslist-stats-cron.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/browserslist-stats-cron.yml/release?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/browserslist-stats-cron.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/browserslist-stats-cron.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/publish.yml/release?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/publish.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/publish.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/publish.yml/release?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/publish.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/publish.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/sync-labels.yml/release?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/sync-labels.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/test.yml/release?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/test.yml/release?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/xeroxinteractive/config/test.yml/release?enable=pin
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 6 third-party GitHubAction dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

2.8

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More