npmpackage.info

Gathering detailed insights and metrics for commitlint-config-aron

commitlint-config-aron - 1.6.0 | npmpackage.info

commitlint-config-aron

A monorepo ecosystem integrating first-class packages and conventional workflows ✨

1.6.0

MIT

TypeScript

8.85 kB

3.4

Installations

npm install commitlint-config-aron

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

18.12.1

NPM Version

8.19.3 Pull Requests

Open

0

Total

0

Closed

0

Issues

Open

0

Total

4

Closed

4

Releases

v1.6.0

Updated on Mar 27, 2023

v1.5.2

Updated on Mar 25, 2023

v1.5.1

Updated on Mar 24, 2023

v1.5.0

Updated on Mar 24, 2023

v1.4.7

Updated on Mar 22, 2023

v1.4.6

Updated on Mar 18, 2023

View All 89 releases

Languages

TypeScript

JavaScript

Svelte

CSS

Dockerfile

Shell

TypeScript (81%)

JavaScript (16.51%)

Svelte (1.5%)

CSS (0.67%)

Dockerfile (0.19%)

Shell (0.12%)

Developer

1aron

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

7 Stars

324 Commits

2 Watchers

2 Branches

3 Contributors

Updated on Nov 05, 2023

Maintainers

View All 3 Contributors

Package Meta Information

Latest Version

1.6.0

Package Id

commitlint-config-aron@1.6.0

Unpacked Size

8.85 kB

Size

2.75 kB

File Count

NPM Version

8.19.3

Node Version

18.12.1

Published on

Mar 27, 2023

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@commitlint/cli husky conventional-changelog-aron aron-conventional-commits

Check your commits with Aron's commitlint config

Getting Started

Skip if you have already run npm install aronrepo:

npm install commitlint-config-aron -D

Configuration

Create a .commitlintrc.yml file in your project root and extend aron:

1extends: aron

Set up Husky

Use Husky to register Git Hooks to automatically check whether it is legal before committing.

npx husky install

npx husky add .husky/commit-msg 'npx --no -- commitlint --edit ${1}'

Check if the .husky is successfully generated in the project root:

1+ └── .husky
2+     ├─── _
3+     └─── commit-msg

From now on, you just need to commit; the check happens after the commit. If everything is legal, there will be no prompts.

package.json

Pre-commit checks via Git Hook are only enabled when other team members clone the project and run npm install.

Save commit-check and husky install commands for teamwork and CI:

1{
2    "scripts": {
3        "install": "husky install",
4        "commit-check": "commitlint --from=HEAD~1 --verbose"
5    }
6}

npm run commit-check:

Continuous Integration

Typically, you double-check commits before publishing and on relevant workflows, using GitHub Actions as an example:

Create a workflow for commit check /.github/workflows/commit-check.yml:

1name: Commit Check
2on:
3    push:
4        branches:
5            - '**'
6    pull_request_target:
7        types:
8            - opened
9            - reopened
10            - edited
11            - synchronize
12
13jobs:
14    check:
15        timeout-minutes: 15
16        runs-on: ubuntu-20.04
17        strategy:
18            matrix:
19                node-version: [18.12.1]
20        steps:
21            - uses: actions/checkout@v3
22              with:
23                  fetch-depth: 0
24            - uses: actions/setup-node@v3
25              with:
26                  node-version: ${{ matrix.node-version }}
27                  cache: 'npm'
28            - run: npm ci
29            - run: npm run commit-check
30

Commit Header Format

The header has a particular format that includes a Type, a Target, and a Summary:

Type(Target): Summary
  ┊     ┊
  ┊     └─⫸ Target: Workspace, Package or Role
  ┊
  └─⫸ Type: Bump, Feat, New, Perf, Add, Update, Improve, Fix, Depreciate, Drop, Docs, Upgrade, Revert, Example, Test, Refactor, Chore, Misc

For the full documentation, check out the Aron's conventional commits

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

4

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 4

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/commit-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-check.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/commit-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-title-check.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/pull-request-title-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/type-check.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/type-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/type-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/type-check.yml/main?enable=pin
Warn: containerImage not pinned by hash: packages/github-actions/Dockerfile:1: pin your Docker image by updating node:19-alpine to node:19-alpine@sha256:8ec543d4795e2e85af924a24f8acb039792ae9fe8a42ad5b4bf4c277ab34b62e
Warn: npmCommand not pinned by hash: packages/github-actions/Dockerfile:4
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 5 out of 6 npmCommand dependencies pinned

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

3.4

/10

Last Scanned on 2025-07-14

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More