Gathering detailed insights and metrics for gitlog
Installations
npm install gitlogDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>= 20.x
Node Version
20.11.1
NPM Version
10.2.4
Score
99.1
Supply Chain
99.5
Quality
81.2
Maintenance
100
Vulnerability
99.6
License
Releases
13
Contributors
23
Unable to fetch Contributors
Languages
3
TypeScript
Shell
JavaScript
TypeScript (89.38%)
Shell (8.63%)
JavaScript (1.98%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
domharrington
Download Statistics
Total Downloads
13,794,044
Last Day
6,287
Last Week
111,481
Last Month
433,351
Last Year
4,503,852
GitHub Statistics
NOASSERTION License
132 Stars
257 Commits
43 Forks
6 Watchers
14 Branches
23 Contributors
Updated on Jan 21, 2025
Bundle Size
10.22 kB
Minified
4.14 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
5.1.0
Package Id
gitlog@5.1.0
Unpacked Size
37.10 kB
Size
10.51 kB
File Count
6
NPM Version
10.2.4
Node Version
20.11.1
Published on
Aug 05, 2024
Total Downloads
Cumulative downloads
Total Downloads
13,794,044
Last Day
2.5%
6,287
Compared to previous day
Last Week
2.2%
111,481
Compared to previous week
Last Month
34.1%
433,351
Compared to previous month
Last Year
34.4%
4,503,852
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
node-gitlog
Git log parser for Node.JS
Installation
1npm install gitlog --save
Usage
1import gitlog from "gitlog"; 2 3const options = { 4 repo: __dirname + "/test-repo-folder", 5 number: 20, 6 author: "Dom Harrington", 7 fields: ["hash", "abbrevHash", "subject", "authorName", "authorDateRel"], 8 execOptions: { maxBuffer: 1000 * 1024 }, 9}; 10 11const commits = await gitlog(options);
gitlog comes with full typescript support!
1import gitlog, { GitlogOptions } from "gitlog"; 2 3// Option 1: Just use the function, returned commit type has specified fields 4gitlog({ 5 repo: "foo", 6 fields: ["subject", "authorName", "authorDate"], 7}); 8 9// Option 2: Use Options type to create options 10const options: GitlogOptions<"subject" | "authorName" | "authorDate"> = { 11 repo: "foo", 12 fields: ["subject", "authorName", "authorDate"], 13}; 14 15gitlog(options); 16 17// Option 3: Typescript Magic 18const options = { 19 repo: "foo", 20 fields: ["subject", "authorName", "authorDate"] as const, 21}; 22 23gitlog(options); 24 25// NOT SUPPORTED: Without "as const" gitlog can't create a good return type 26const options = { 27 repo: "foo", 28 fields: ["subject", "authorName", "authorDate"], 29}; 30 31gitlog(options);
Options
See git log
repo
The location of the repo, required field.
number
The number of commits to return, defaults to 10.
since/after
Show commits more recent than a specific date.
until/before
Show commits older than a specific date.
author/committer
Limit the commits output to ones with author/committer header lines that match the specified pattern.
nameStatus
Below fields was returned from the log:
- files - changed files names (array)
- status - changed files status (array)
This option is enabled by default.
findCopiesHarder
Much more likely to set status codes to 'C' if files are exact copies of each other.
This option is disabled by default.
includeMergeCommitFiles
Pass the -m option to includes files in a merge commit.
This option is disabled by default.
follow
Pass the --follow option to follow files across renames.
This option is disabled by default.
all
Find commits on all branches instead of just on the current one.
This option is disabled by default.
branch (revision range)
Show only commits in the specified branch or revision range.
By default uses the current branch and defaults to HEAD (i.e. the whole history leading to the current commit).
fileLineRange
Optional field for getting only the commits that affected a specific line range of a given file.
file
Optional file filter for the git log command
execOptions
Type: Object
Specify some options to be passed to the .exec() method:
cwdString Current working directory of the child processenvObject Environment key-value pairssetsidBooleanencodingString (Default: 'utf8')timeoutNumber (Default: 0)maxBufferNumber (Default: 200*1024)killSignalString (Default: 'SIGTERM')
optional fields
An array of fields to return from the log, here are the possible options:
hash- the long hash of the commit e.g. 7dd0b07625203f69cd55d779d873f1adcffaa84aabbrevHash- the abbreviated commit hash e.g. 7dd0b07treeHash- the tree hash of the commitabbrevTreeHash- the abbreviated commit hashparentHashes- the parent hashesabbrevParentHashes- the abbreviated parent hashesauthorName- author name of the commitauthorEmail- author email of the commitauthorDate- author date of the commitauthorDateRel- relative author date of the commitcommitterName- committer namecommitterEmail- committer emailcommitterDate- committer datecommitterDateRel- relative committer datesubject- commit message (first line)body- commit bodyrawBody- raw body (subject + body)tag- raw tag information of commit
Defaults to 'abbrevHash', 'hash', 'subject' and 'authorName'.
How it works
This module works by executing a child process (using child_process.exec()) to the git executable, then parsing the stdout into commits. This is done using the --pretty command line option which allows you to provide a custom formatter to git log. To enable easy parsing the format is delimited by a tab (\t) character.
Example
The following is an example of what a parsed commit might look like.
1{ 2 "hash": "6a7ef5e3b3d9c77743140443c8f9e792b0715721", 3 "abbrevHash": "6a7ef5e", 4 "treeHash": "f1bf51b15b48a00c33727f364afef695029864c0", 5 "abbrevTreeHash": "f1bf51b", 6 "parentHashes": "cfe06dbdb8d0a193640977e016a04678f8f3b04f", 7 "abbrevParentHashes": "cfe06dbdb8d0a193640977e016a04678f8f3b04f", 8 "authorName": "Dom Harrington", 9 "authorEmail": "dom@harringtonxxxxx", 10 "authorDate": "2015-04-09 09:39:23 +0100", 11 "authorDateRel": "6 days ago", 12 "committerName": "Dom Harrington", 13 "committerEmail": "dom@harringtonxxxxx", 14 "committerDate": "Thu Apr 9 09:39:23 2015 +0100", 15 "committerDateRel": "6 days ago", 16 "subject": "1.0.0", 17 "status": ["M"], 18 "files": ["package.json"] 19}
Contributors ✨
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
Stable Version
Stable Version
5.1.0
Critical
1
Critical
9.8/10
Summary
Command injection in gitlog
Affected Versions
< 4.0.4
Patched Versions
4.0.4
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/domharrington/node-gitlog/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/domharrington/node-gitlog/ci.yaml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'
- Warn: could not determine whether codeowners review is allowed
- Warn: no status checks found to merge onto branch 'main'
- Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
Reason
Found 3/28 approved changesets -- score normalized to 1
Reason
0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 6 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mm-m3wx-j7fr
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Score
3.1
/10
Last Scanned on 2025-02-10
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More