Gathering detailed insights and metrics for prefix-commit-message
Gathering detailed insights and metrics for prefix-commit-message
Script for prepare-commit-msg hook to extract ID from branch name into commit message
Installations
npm install prefix-commit-messageDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
21.1.0
NPM Version
10.2.0
Releases
10
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
5 Stars
61 Commits
4 Forks
1 Watchers
1 Branches
1 Contributors
Updated on Feb 18, 2025
Maintainers
1
Package Meta Information
Latest Version
4.2.0
Package Id
prefix-commit-message@4.2.0
Unpacked Size
13.41 kB
Size
4.11 kB
File Count
8
NPM Version
10.2.0
Node Version
21.1.0
Published on
Jan 15, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Prefix Commit Message
This script is meant to be used as a prepare-commit-msg Git hook. Each time you commit, it extracts the issue identifier or user-story identifier from the current branch name and prefixes your commit message with the extracted identifier.
It supports identifiers of the form ABCD-1234 and 1234, and will look for such identifiers right after the / in the name of the current branch.
If you're on the branch feature/JIRA-874-cannot-log-in-on-macos, for example, this hook will prefix each of your commit messages with [ JIRA-874 ] .
There are simpler shell scripts that achieve the same, but this solution works on Windows too.
This script can be used standalone or in combination with Husky (version 6 and newer). If you're using an older Husky, see (https://github.com/ljpengelen/prefix-commit-message/tree/v1.3.0).
Installation
Standalone usage
Navigate to .git/hooks from the root of your Git repository and create an executable file named prepare-commit-msg with the following content:
#!/bin/sh
npx prefix-commit-message $1
Usage with Husky
First, install Husky and this script:
npm install husky --save-dev
npm install prefix-commit-message --save-dev
Then, enable Git hooks via Husky:
npx husky install
Finally, set up the prepare-commit-msg hook:
npx husky add .husky/prepare-commit-msg "npx prefix-commit-message \$1"
Custom prefix
If you don't like the square brackets around the identifier, you can supply a custom opening and closing symbol. For example,
#!/bin/sh
npx prefix-commit-message $1 -o -c :
and
npx husky add .husky/prepare-commit-msg "npx prefix-commit-message \$1 -o -c :"
will result in the prefix JIRA-874: .
The opening symbol is specified via the '-o' flag, and the closing symbol is specified via the '-c' flag. As the example shows, the empty string is used when no value is specified after a flag.
Including and excluding branches
If you want to apply the hook to specific branches only, you can supply a regex pattern for branches to include and exclude. For example,
#!/bin/sh
npx prefix-commit-message $1 -bi ^feature -be release
and
npx husky add .husky/prepare-commit-msg "npx prefix-commit-message \$1 -bi ^feature -be release"
will only extract the identifier from branches that start with the string "feature" and do not contain the string "release".
The pattern for branches to include is specified via the '-bi' flag, and the pattern for branches to exclude is specified via the '-be' flag.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/ljpengelen/prefix-commit-message/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/ljpengelen/prefix-commit-message/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ljpengelen/prefix-commit-message/test.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:17
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 1 out of 2 npmCommand dependencies pinned
Reason
Found 2/14 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Score
4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More