Gathering detailed insights and metrics for prefix-commit-message
Gathering detailed insights and metrics for prefix-commit-message
Installations
npm install prefix-commit-messageDeveloper
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
No
Node Version
21.1.0
NPM Version
10.2.0
Statistics
5 Stars
59 Commits
4 Forks
2 Watching
1 Branches
1 Contributors
Updated on 09 Aug 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
482,597
Last day
-31.3%
230
Compared to previous day
Last week
-2.6%
1,526
Compared to previous week
Last month
-13.4%
6,363
Compared to previous month
Last year
11%
159,175
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Prefix Commit Message
This script is meant to be used as a prepare-commit-msg Git hook. Each time you commit, it extracts the issue identifier or user-story identifier from the current branch name and prefixes your commit message with the extracted identifier.
It supports identifiers of the form ABCD-1234 and 1234, and will look for such identifiers right after the / in the name of the current branch.
If you're on the branch feature/JIRA-874-cannot-log-in-on-macos, for example, this hook will prefix each of your commit messages with [ JIRA-874 ] .
There are simpler shell scripts that achieve the same, but this solution works on Windows too.
This script can be used standalone or in combination with Husky (version 6 and newer). If you're using an older Husky, see (https://github.com/ljpengelen/prefix-commit-message/tree/v1.3.0).
Installation
Standalone usage
Navigate to .git/hooks from the root of your Git repository and create an executable file named prepare-commit-msg with the following content:
#!/bin/sh
npx prefix-commit-message $1
Usage with Husky
First, install Husky and this script:
npm install husky --save-dev
npm install prefix-commit-message --save-dev
Then, enable Git hooks via Husky:
npx husky install
Finally, set up the prepare-commit-msg hook:
npx husky add .husky/prepare-commit-msg "npx prefix-commit-message \$1"
Custom prefix
If you don't like the square brackets around the identifier, you can supply a custom opening and closing symbol. For example,
#!/bin/sh
npx prefix-commit-message $1 -o -c :
and
npx husky add .husky/prepare-commit-msg "npx prefix-commit-message \$1 -o -c :"
will result in the prefix JIRA-874: .
The opening symbol is specified via the '-o' flag, and the closing symbol is specified via the '-c' flag. As the example shows, the empty string is used when no value is specified after a flag.
Including and excluding branches
If you want to apply the hook to specific branches only, you can supply a regex pattern for branches to include and exclude. For example,
#!/bin/sh
npx prefix-commit-message $1 -bi ^feature -be release
and
npx husky add .husky/prepare-commit-msg "npx prefix-commit-message \$1 -bi ^feature -be release"
will only extract the identifier from branches that start with the string "feature" and do not contain the string "release".
The pattern for branches to include is specified via the '-bi' flag, and the pattern for branches to exclude is specified via the '-be' flag.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/ljpengelen/prefix-commit-message/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/ljpengelen/prefix-commit-message/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ljpengelen/prefix-commit-message/test.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:17
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 1 out of 2 npmCommand dependencies pinned
Reason
Found 2/15 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Score
4.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More