Gathering detailed insights and metrics for conventional-changelog-express
Gathering detailed insights and metrics for conventional-changelog-express
Generate changelogs and release notes from a project's commit messages and metadata.
Installations
npm install conventional-changelog-expressDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=18
Node Version
18.20.2
NPM Version
10.5.0
Score
99.8
Supply Chain
78.7
Quality
81.7
Maintenance
100
Vulnerability
100
License
Releases
169
conventional-commits-parser: v6.2.0
conventional-commits-parser-v6.2.0
Updated on Jun 09, 2025
conventional-recommended-bump: v11.2.0
conventional-recommended-bump-v11.2.0
Updated on Jun 07, 2025
conventional-changelog: v7.1.0
conventional-changelog-v7.1.0
Updated on Jun 07, 2025
@conventional-changelog/git-client: v2.5.1
git-client-v2.5.1
Updated on Jun 02, 2025
@conventional-changelog/git-client: v2.5.0
git-client-v2.5.0
Updated on Jun 02, 2025
@conventional-changelog/git-client: v2.4.0
git-client-v2.4.0
Updated on May 27, 2025
Languages
3
TypeScript
JavaScript
Handlebars
TypeScript (78.7%)
JavaScript (18.97%)
Handlebars (2.33%)
Developer
conventional-changelog
Download Statistics
Total Downloads
231,289,451
Last Day
111,584
Last Week
1,587,397
Last Month
6,922,916
Last Year
63,233,119
GitHub Statistics
ISC License
8,122 Stars
1,776 Commits
728 Forks
54 Watchers
6 Branches
151 Contributors
Updated on Jun 13, 2025
Maintainers
4
Package Meta Information
Latest Version
5.0.0
Package Id
conventional-changelog-express@5.0.0
Unpacked Size
6.22 kB
Size
2.62 kB
File Count
10
NPM Version
10.5.0
Node Version
18.20.2
Published on
May 03, 2024
Total Downloads
Cumulative downloads
Total Downloads
231,289,451
Last Day
-12.3%
111,584
Compared to previous day
Last Week
-7.3%
1,587,397
Compared to previous week
Last Month
10.9%
6,922,916
Compared to previous month
Last Year
32.9%
63,233,119
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
conventional-changelog-express
conventional-changelog express preset.
Issues with the convention itself should be reported on the Express issue tracker.
Install
1# yarn 2yarn add -D conventional-changelog-express 3# pnpm 4pnpm add -D conventional-changelog-express 5# npm 6npm i -D conventional-changelog-express
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.md:0
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/commit.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yaml:1
- Info: no jobLevel write permissions found
Reason
Found 2/27 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Info: 0 out of 17 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 14 third-party GitHubAction dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 6 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2025-06-09
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More