Gathering detailed insights and metrics for conventional-changelog
Gathering detailed insights and metrics for conventional-changelog
Generate changelogs and release notes from a project's commit messages and metadata.
Installations
npm install conventional-changelogDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=18
Node Version
20.19.3
NPM Version
10.8.2
Releases
172
conventional-changelog: v7.1.1
conventional-changelog-v7.1.1
Updated on Jul 10, 2025
conventional-changelog-conventionalcommits: v9.1.0
conventional-changelog-conventionalcommits-v9.1.0
Updated on Jul 10, 2025
conventional-changelog-writer: v8.2.0
conventional-changelog-writer-v8.2.0
Updated on Jul 09, 2025
conventional-commits-parser: v6.2.0
conventional-commits-parser-v6.2.0
Updated on Jun 09, 2025
conventional-recommended-bump: v11.2.0
conventional-recommended-bump-v11.2.0
Updated on Jun 07, 2025
conventional-changelog: v7.1.0
conventional-changelog-v7.1.0
Updated on Jun 07, 2025
Languages
3
TypeScript
JavaScript
Handlebars
TypeScript (77.48%)
JavaScript (20.23%)
Handlebars (2.29%)
Developer
conventional-changelog
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
ISC License
8,156 Stars
1,786 Commits
729 Forks
54 Watchers
3 Branches
152 Contributors
Updated on Jul 11, 2025
Maintainers
7
Package Meta Information
Latest Version
7.1.1
Package Id
conventional-changelog@7.1.1
Unpacked Size
378.88 kB
Size
33.94 kB
File Count
45
NPM Version
10.8.2
Node Version
20.19.3
Published on
Jul 10, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
conventional-changelog
Generate a changelog from git metadata.
[!NOTE] You don't have to use the angular commit convention. For the best result of the tool to tokenize your commit and produce flexible output, it's recommended to use a commit convention.
Install • Usage • Recommended workflow • Why • Presets • JS API
Install
1# pnpm 2pnpm add conventional-changelog 3# yarn 4yarn add conventional-changelog 5# npm 6npm i conventional-changelog
Usage
1conventional-changelog -p angular
This will not overwrite any previous changelogs. The above generates a changelog based on commits since the last semver tag that matches the pattern of "Feature", "Fix", "Performance Improvement" or "Breaking Changes".
If this is your first time using this tool and you want to generate all previous changelogs, you could do
1conventional-changelog -p angular -r 0
This will overwrite any previous changelogs if they exist.
All available command line parameters can be listed using CLI: conventional-changelog --help.
[!TIP] You can alias your command or add it to your package.json. EG:
"changelog": "conventional-changelog -p angular -r 0".
Recommended workflow
- Make changes
- Commit those changes
- Make sure Travis turns green
- Bump version in
package.json conventional-changelog- Commit
package.jsonandCHANGELOG.mdfiles - Tag
- Push
The reason why you should commit and tag after conventional-changelog is that the CHANGELOG should be included in the new release, hence commits.from defaults to the latest semver tag.
With npm version
Using the npm scripts to our advantage with the following hooks:
1{ 2 "scripts": { 3 "version": "conventional-changelog -p angular && git add CHANGELOG.md" 4 } 5}
You could follow the following workflow
- Make changes
- Commit those changes
- Pull all the tags
- Run the
npm version [patch|minor|major]command - Push
You could optionally add a preversion script to package your project or running a full suit of test.
And a postversion script to clean your system and push your release and tags.
By adding a .npmrc you could also automate your commit message and set your tag prefix as such:
tag-version-prefix=""
message="chore(release): %s :tada:"
Why
- Easy fully automate changelog generation. You could still add more points on top of it.
- Ignoring reverted commits, templating with handlebars.js and links to references, etc.
- Intelligently setup defaults but yet fully configurable with presets of popular projects.
- Everything internally or externally is pluggable.
- A lot of tests and actively maintained.
Presets
JS API
1import { ConventionalChangelog } from 'conventional-changelog' 2 3const generator = new ConventionalChangelog() 4 .readPackage() 5 .loadPreset('angular') 6 7generator 8 .writeStream() 9 .pipe(process.stdout) 10 11// or 12 13for await (const chunk of generator.write()) { 14 console.log(chunk) 15}
new ConventionalChangelog(cwdOrGitClient: string | ConventionalGitClient = process.cwd())
Create a new instance of conventional-changelog generator. cwdOrGitClient is the current working directory or a ConventionalGitClient instance.
generator.loadPreset(preset: PresetParams): this
Load and set necessary params from a preset.
generator.config(config: Preset | Promise<Preset>): this
Set the config directly.
generator.readPackage(transform?: PackageTransform): this
Find package.json up the directory tree and read it. Optionally transform the package data.
generator.readPackage(path: string, transform?: PackageTransform): this
Read a package.json file from a specific path. Optionally transform the package data.
generator.package(pkg: Record<string, unknown>): this
Set the package data directly.
generator.readRepository(): this
Read and parse the repository URL from current git repository.
generator.repository(infoOrGitUrl: string | Partial<HostedGitInfo>): this
Set the repository info directly.
generator.options(options: Options): this
Set conventional-changelog options.
| Name | Type | Default | Description |
|---|---|---|---|
| reset | boolean | false | Whether to reset the changelog or not. |
| append | boolean | false | Should the log be appended to existing data. |
| releaseCount | number | 1 | How many releases of changelog you want to generate. It counts from the upcoming release. Useful when you forgot to generate any previous changelog. Set to 0 to regenerate all. |
| outputUnreleased | boolean | true if a different version than last release is given. Otherwise false | If this value is true and context.version equals last release then context.version will be changed to 'Unreleased'. |
| transformCommit | (commit: Commit, params: Params) => Partial<Commit> | Promise<Partial<Commit> | null> | null | A transform function that applies after the parser and before the writer. | |
| warn | function | Logger for warnings | |
| debug | function | Logger for debug messages | |
| fromatDate | (date: Date) => string | Custom date formatter function. |
generator.context(context: Context): this
Set the writer context.
generator.tags(params: GetSemverTagsParams): this
Set params to get semver tags.
| Name | Type | Default | Description |
|---|---|---|---|
| prefix | string | RegExp | Specify a prefix for the git tag that will be taken into account during the comparison. | |
| skipUnstable | boolean | false | If set, unstable release tags will be skipped, e.g. x.x.x-rc. |
| clean | boolean | false | Clean version from prefix and trash. |
If you want to take package-prefixed tags, for example lerna-style tags, you should use packagePrefix utility function:
1import { 2 ConventionalChangelog, 3 packagePrefix 4} from 'conventional-changelog' 5 6const generator = new ConventionalChangelog() 7 .readPackage() 8 .loadPreset('angular') 9 .tags({ 10 prefix: packagePrefix('foo-package') 11 })
generator.commits(params: GetCommitsParams, parserOptions?: ParserStreamOptions): this
Set params to get commits.
generator.writer(params: WriterOptions): this
Set writer options.
generator.write(includeDetails?: boolean): AsyncGenerator<string | Details<Commit>, void>
Generate changelog.
generator.writeStream(includeDetails?: boolean): Readable
Generate changelog stream.
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.md:0
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Reason
Found 2/25 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/commit.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Info: 0 out of 17 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 14 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Score
4.7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More