Generate changelogs and release notes from a project's commit messages and metadata.
Installations
npm install git-raw-commitsScore
93.8
Supply Chain
84.8
Quality
80.8
Maintenance
100
Vulnerability
99.6
License
Releases
git-client: v1.0.1
Published on 06 May 2024
conventional-changelog: v6.0.0
Published on 03 May 2024
conventional-changelog-core: v8.0.0
Published on 03 May 2024
conventional-changelog-conventionalcommits: v8.0.0
Published on 03 May 2024
git-semver-tags: v8.0.0
Published on 03 May 2024
conventional-changelog-preset-loader: v5.0.0
Published on 03 May 2024
Developer
conventional-changelog
Developer Guide
Module System
ESM
Min. Node Version
>=18
Typescript Support
No
Node Version
18.20.2
NPM Version
10.5.0
Statistics
7,865 Stars
1,696 Commits
712 Forks
56 Watching
28 Branches
140 Contributors
Updated on 29 Nov 2024
Languages
TypeScript (56.39%)
JavaScript (40.81%)
Handlebars (2.8%)
Total Downloads
Cumulative downloads
Total Downloads
878,543,138
Last day
-18.1%
1,009,352
Compared to previous day
Last week
-2.2%
6,820,903
Compared to previous week
Last month
17.8%
27,651,531
Compared to previous month
Last year
24.5%
249,346,356
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Conventional Changelog
Generate a CHANGELOG from git metadata.
About this Repo
The conventional-changelog repo is managed as a monorepo; it's composed of many npm packages.
The original conventional-changelog/conventional-changelog API repo can be
found in packages/conventional-changelog.
Getting started
It's recommended you use the high level commit-and-tag-version library, which is a drop-in replacement for npm's version command, handling automated version bumping, tagging and CHANGELOG generation.
Alternatively, if you'd like to move towards completely automating your release process as an output from CI/CD, consider using semantic-release.
You can also use one of the plugins if you are already using the tool:
Plugins Supporting Conventional Changelog
Modules Important to Conventional Changelog Ecosystem
- conventional-changelog-cli - the full-featured command line interface
- standard-changelog - command line interface for the angular commit format.
- conventional-github-releaser - Make a new GitHub release from git metadata
- conventional-recommended-bump - Get a recommended version bump based on conventional commits
- conventional-commits-detector - Detect what commit message convention your repository is using
- commitizen - Simple commit conventions for internet citizens.
- commitlint - Lint commit messages
Node Support Policy
We only support Long-Term Support versions of Node.
We specifically limit our support to LTS versions of Node, not because this package won't work on other versions, but because we have a limited amount of time, and supporting LTS offers the greatest return on that investment.
It's possible this package will work correctly on newer versions of Node. It may even be possible to use this package on older versions of Node, though that's more unlikely as we'll make every effort to take advantage of features available in the oldest LTS version we support.
As each Node LTS version reaches its end-of-life we will remove that version from the node engines property of our package's package.json file. Removing a Node version is considered a breaking change and will entail the publishing of a new major version of this package. We will not accept any requests to support an end-of-life version of Node. Any merge requests or issues supporting an end-of-life version of Node will be closed.
We will accept code that allows this package to run on newer, non-LTS, versions of Node. Furthermore, we will attempt to ensure our own changes work on the latest version of Node. To help in that commitment, our continuous integration setup runs against all LTS versions of Node in addition the most recent Node release; called current.
JavaScript package managers should allow you to install this package with any version of Node, with, at most, a warning if your version of Node does not fall within the range specified by our node engines property. If you encounter issues installing this package, please report the issue to your package manager.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.md:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4
Reason
Found 0/6 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/commit.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-all-submodules-manual.yaml:1
- Warn: no topLevel permission defined: .github/workflows/release-submodules-manual.yaml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-submodules.yaml:3
- Warn: no topLevel permission defined: .github/workflows/tests.yaml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/checks.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/commit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-all-submodules-manual.yaml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-all-submodules-manual.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-all-submodules-manual.yaml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-all-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-all-submodules-manual.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-all-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules-manual.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules-manual.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules-manual.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules-manual.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules-manual.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-submodules.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/release-submodules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/conventional-changelog/conventional-changelog/tests.yaml/master?enable=pin
- Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 15 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
3.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to git-raw-commits
@types/git-raw-commits
TypeScript definitions for git-raw-commits
promised-conventional-commits-parser
This is a promise wrapper around parts of the conventional changelog project. It will give you the json representation given by [conventional-commits-parser][] based on the commits read from [git-raw-commits][].
@marionebl/git-raw-commits
Get raw git commits out of your repository using git-log(1)
conventional-commits-parser
Parse raw conventional commits.