Generate changelogs and release notes from a project's commit messages and metadata.
Installations
npm install conventional-changelog-expressReleases
git-client: v1.0.1
Published on 06 May 2024
conventional-changelog: v6.0.0
Published on 03 May 2024
conventional-changelog-core: v8.0.0
Published on 03 May 2024
conventional-changelog-conventionalcommits: v8.0.0
Published on 03 May 2024
git-semver-tags: v8.0.0
Published on 03 May 2024
conventional-changelog-preset-loader: v5.0.0
Published on 03 May 2024
Developer
conventional-changelog
Developer Guide
Module System
ESM
Min. Node Version
>=18
Typescript Support
No
Node Version
18.20.2
NPM Version
10.5.0
Statistics
7,863 Stars
1,696 Commits
712 Forks
56 Watching
28 Branches
140 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (56.39%)
JavaScript (40.81%)
Handlebars (2.8%)
Total Downloads
Cumulative downloads
Total Downloads
196,843,326
Last day
-0.5%
312,555
Compared to previous day
Last week
6.5%
1,714,063
Compared to previous week
Last month
39.6%
6,170,587
Compared to previous month
Last year
28.1%
54,620,274
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Conventional Changelog
Generate a CHANGELOG from git metadata.
About this Repo
The conventional-changelog repo is managed as a monorepo; it's composed of many npm packages.
The original conventional-changelog/conventional-changelog API repo can be
found in packages/conventional-changelog.
Getting started
It's recommended you use the high level commit-and-tag-version library, which is a drop-in replacement for npm's version command, handling automated version bumping, tagging and CHANGELOG generation.
Alternatively, if you'd like to move towards completely automating your release process as an output from CI/CD, consider using semantic-release.
You can also use one of the plugins if you are already using the tool:
Plugins Supporting Conventional Changelog
Modules Important to Conventional Changelog Ecosystem
- conventional-changelog-cli - the full-featured command line interface
- standard-changelog - command line interface for the angular commit format.
- conventional-github-releaser - Make a new GitHub release from git metadata
- conventional-recommended-bump - Get a recommended version bump based on conventional commits
- conventional-commits-detector - Detect what commit message convention your repository is using
- commitizen - Simple commit conventions for internet citizens.
- commitlint - Lint commit messages
Node Support Policy
We only support Long-Term Support versions of Node.
We specifically limit our support to LTS versions of Node, not because this package won't work on other versions, but because we have a limited amount of time, and supporting LTS offers the greatest return on that investment.
It's possible this package will work correctly on newer versions of Node. It may even be possible to use this package on older versions of Node, though that's more unlikely as we'll make every effort to take advantage of features available in the oldest LTS version we support.
As each Node LTS version reaches its end-of-life we will remove that version from the node engines property of our package's package.json file. Removing a Node version is considered a breaking change and will entail the publishing of a new major version of this package. We will not accept any requests to support an end-of-life version of Node. Any merge requests or issues supporting an end-of-life version of Node will be closed.
We will accept code that allows this package to run on newer, non-LTS, versions of Node. Furthermore, we will attempt to ensure our own changes work on the latest version of Node. To help in that commitment, our continuous integration setup runs against all LTS versions of Node in addition the most recent Node release; called current.
JavaScript package managers should allow you to install this package with any version of Node, with, at most, a warning if your version of Node does not fall within the range specified by our node engines property. If you encounter issues installing this package, please report the issue to your package manager.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.md:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4
Reason
Found 0/6 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/commit.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-all-submodules-manual.yaml:1
- Warn: no topLevel permission defined: .github/workflows/release-submodules-manual.yaml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-submodules.yaml:3
- Warn: no topLevel permission defined: .github/workflows/tests.yaml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-all-submodules-manual.yaml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-all-submodules-manual.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-all-submodules-manual.yaml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-all-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-all-submodules-manual.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-all-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules-manual.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules-manual.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules-manual.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules-manual.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 15 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
3.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to conventional-changelog-express
conventional-changelog-angular
Angular preset for conventional-changelog.
conventional-changelog-conventionalcommits
Conventionalcommits.org preset for conventional-changelog.
conventional-commits-parser
Parse raw conventional commits.
conventional-changelog-writer
Write logs based on conventional commits and templates.