A standalone commit message helper or customizable commitizen adapter for https://github.com/commitizen/cz-cli
Installations
npm install cz-customizable
Developer Guide
Typescript
Yes
Module System
CommonJS
Node Version
22.12.0
NPM Version
10.9.0
Score
74.8
Supply Chain
97.1
Quality
86.4
Maintenance
100
Vulnerability
97.6
License
Releases
Contributors
Languages
JavaScript (100%)
Developer
leoforfree
Download Statistics
Total Downloads
16,908,555
Last Day
13,364
Last Week
79,679
Last Month
349,456
Last Year
3,879,890
GitHub Statistics
615 Stars
177 Commits
202 Forks
6 Watching
6 Branches
31 Contributors
Bundle Size
116.16 kB
Minified
40.44 kB
Minified + Gzipped
Package Meta Information
Latest Version
7.4.0
Package Id
cz-customizable@7.4.0
Unpacked Size
151.85 kB
Size
99.97 kB
File Count
26
NPM Version
10.9.0
Node Version
22.12.0
Publised On
23 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
16,908,555
Last day
-10.9%
13,364
Compared to previous day
Last week
-6.8%
79,679
Compared to previous week
Last month
-13.3%
349,456
Compared to previous month
Last year
18.1%
3,879,890
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
cz-customizable
The customizable Commitizen plugin (or standalone utility) to help achieve consistent commit messages such as Conventional Commits. Note that you can create any commit message pattern. You don't have to use the pattern from the Conventional Commits. For example, my team uses this pattern: [minor] add new feature xyz
Suitable for large teams working with multiple projects with their own commit scopes. It allows you to select the pre-defined scopes or commit types. It works perfectly with https://github.com/semantic-release/semantic-release.
You have two ways to use cz-customizable
. Originally, this project started as a commitizen plugin (Option 1). We introduced the second option to run this cz-customizable
in standalone mode (Option 2), just like any NodeJS script. It's recommended to use Option 2
for simplicity. The way you configure is shared between both options.
Quick start (New, recommended)
Configuration
- Copy contents of the example config file and paste into a new file
.cz-config.js
- Option 1: Move file
cz-config.js
to your home directory. - Option 2: Put file
cz-config.js
at the root level of your project and commit it to your code repository (Assuming you have a team agreement to use this tool).
cz-customizable via global install
npm i cz-customizable -g
Then run cz-customizable
from your root repo. You can also use the alias cz-cust
.
If everything is correct, you should see commit questions like the image above.
Slow start
Option 1 - cz-customizable via npx
npx cz-customizable
Option 2 - cz-customizable in standalone mode
Use cz-customizable
without commitzen
.
- npm install
npm install cz-customizable --save-dev
- add a new script to your
package.json
:
"scripts" : {
...
"commit": "./node_modules/cz-customizable/standalone.js"
}
- See options below how to create and where you could put your
.cz-config.js
file. - now run:
npm run commit
.
Option 3 - cz-customizable as commitizen plugin
This is how this project started.
-
install commitizen in case you don't have it:
npm install -g commitizen
. Make sure you have the latest version of commitizen installed globally. -
configure
commitizen
to usecz-customizable
as plugin. Add those lines to yourpackage.json
:
...
"config": {
"commitizen": {
"path": "node_modules/cz-customizable"
}
}
Configuration (Shared between options 1,2 and 3)
- Copy contents of the example config file and paste into a new file
.cz-config.js
Option 1 - You can make changes to your git repository, file package.json
.
cz-customizable
will first look for a file called.cz-config.js
or.config/cz-config.js
in the project root, near yourpackage.json
- If no config found, it will look for
.cz-config.js
or or.config/cz-config.js
in your home directory - alternatively add the config location in your
package.json
:
...
"config": {
"commitizen": { // not needed for standlone usage
"path": "node_modules/cz-customizable"
},
"cz-customizable": {
"config": "config/path/to/my/config.js"
}
}
Note: option one allows you to have your config away from root directory. It also gives you a change to define any name to your .cz-config.js
.
No Changes to your git repository*.
This is suitable when your team is not ready to roll cz-customizable
across all teams but you still would like to use it for your own commits, no matter the project.
Steps:
- create config file:
- create a file called
.cz-config.js
in your git repository root (*Assumptions: you git ignore global on~/.gitignore_global
for.cz-config.js
). Or; - create a file called
.cz-config.js
your home directory.
- create a file called
Additional steps when used as commitizen plugin
- npm install -g commitizen
- npm install -g cz-customizable. Make sure you have version
>v5.6.x
- create global commitizen config file
.czrc
:echo '{ "path": "cz-customizable" }' > ~/.czrc
- now run:
npx git-cz
orgit cz
.
Notes:
- you should commit your
.cz-config.js
file to your git when applicable.
Hopefully this will help you to have consistent commit messages and have a fully automated deployment without any human intervention.
Options
Here are the options you can set in your .cz-config.js
:
-
subjectLimit: {number, default 100}: This is the subject limit. Example:
this is a new feature
orfix a bug
-
subjectSeparator: {string, default ': '}: This is the subject separator. Example:
feat: this is a new feature
-
typePrefix: {string, default ''}: This is the commit type prefix. Example: config:
{ typePrefix: '[' }
, result:[feat: this is a new feature
-
typeSuffix: {string, default ''}: This is the commit type suffix. Example: config:
{ typePrefix: '[', typeSuffix: ']', subjectSeparator: ' ' }
, result:[feat] this is a new feature
-
scopes: {Array of Strings}: Specify the scopes for your particular project. Eg.: for some banking system: ["acccounts", "payments"]. For another travelling application: ["bookings", "search", "profile"]
-
scopeOverrides: {Object where key contains a Array of String}: Use this when you want to override scopes for a specific commit type. Example below specify scopes when type is
fix
:scopeOverrides: { fix: [ {name: 'merge'}, {name: 'style'}, {name: 'e2eTest'}, {name: 'unitTest'} ] }
-
additionalQuestions:{Array of object} To ask additional question. Answers will be appended to body part. All keys of object are required.
additionalQuestions: [ { type: 'input', name: 'time', message: 'Time spent (i.e. 1h 15m) (optional):\n', mapping: "#time" }, { type: 'input', name: 'comment', message: 'Jira comment (optional):\n', mapping: "#comment" } ],
-
allowCustomScopes: {boolean, default false}: adds the option
custom
to scope selection so you can still type a scope if you need. -
allowBreakingChanges: {Array of Strings: default none}. List of commit types you would like to the question
breaking change
prompted. Eg.: ['feat', 'fix']. -
skipQuestions: {Array of Strings: default none}. List of questions you want to skip. Eg.: ['body', 'footer'].
-
skipEmptyScopes: {boolean, default false}: If a chosen type has no scopes declared, skip the scope question
-
appendBranchNameToCommitMessage: If you use
cz-customizable
withcz-customizable-ghooks
, you can get the branch name automatically appended to the commit message. This is done by a commit hook oncz-customizable-ghooks
. This option has been added oncz-customizable-ghooks
, v1.3.0. Default value istrue
. -
ticketNumberPrefix: {string, default 'ISSUES CLOSED:'}: Set custom prefix for footer ticker number.
-
ticketNumberSuffix: {string, default ''}: Set custom suffix for footer ticker number.
-
fallbackTicketNumber: {string, default ''}: Set fallback ticket number which will be used if
ticketNumber
is not provided. -
breakingPrefix: {string, default 'BREAKING CHANGE:'}: Set a custom prefix for the breaking change block in commit messages.
-
footerPrefix: {string, default 'ISSUES CLOSED:'}: Set a custom prefix for the footer block in commit messages. Set to empty string to remove prefix.
-
breaklineChar: {string, default '|'}: It gets replaced with \n to create the breakline in your commit message. This is supported for fields
body
andfooter
at the moment. -
upperCaseSubject: { boolean, default false }: Capitalizes first subject letter if set to
true
-
askForBreakingChangeFirst: { boolean, default false }: It asks for breaking change as first question when set to
true
-
usePreparedCommit: { boolean, default false }: It re-uses commit from ./.git/COMMIT_EDITMSG when set to
true
Related tools
- (https://github.com/commitizen/cz-cli)
- (https://github.com/leonardoanalista/corp-semantic-release)
- (https://github.com/semantic-release/semantic-release)
- (https://github.com/uglow/cz-customizable-ghooks)
GOTCHAS
-
backticks If you wish to have backticks in your content, for example "feat: `string`", the commit preview will be "feat: \`string\`". Don't worry because on your
git log
will be "feat: `string`" as desired. -
multiline contents on the body of the message Body is the only place where you can use a
pipe
to break lines. E.g.: you type this:my items are:| - item01| - item 02
, which will become:
my items are:
- item01
- item 02
CONTRIBUTING
Contributor Guidelines
- if you add a new config property, please remember to update files
README.md
andindex.d.ts
. - add or update relevant tests
- Favor non-breaking changes when possible
- Send preliminary PR if you would like to start a discussion
Conduct of Code:
- Be polite, respectful and understanding that we are all here after working hours spending time to build something useful to all.
- We promise to extend courtesy and respect to everyone involved in this project regardless of gender, gender identity, sexual orientation, disability, age, race, ethnicity, religion, or level of experience
Leonardo Correa
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 1 commits out of 26 are checked with a SAST tool
Reason
Found 9/22 approved changesets -- score normalized to 4
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/github-actions-demo.yml:1
- Warn: no topLevel permission defined: .github/workflows/trivy.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-demo.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/github-actions-demo.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-demo.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/github-actions-demo.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-actions-demo.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/github-actions-demo.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/trivy.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/leoforfree/cz-customizable/trivy.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/github-actions-demo.yml:19
- Warn: npmCommand not pinned by hash: .github/workflows/github-actions-demo.yml:45
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
3.7
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More