Gathering detailed insights and metrics for semantic-commitlint
Gathering detailed insights and metrics for semantic-commitlint
📦🚀 + 📓 A continuous integration build tool to ensure all new commits meet your commit message format! ️️
Installations
npm install semantic-commitlintDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
8.9.4
NPM Version
5.6.0
Releases
9
Languages
2
TypeScript
JavaScript
TypeScript (89%)
JavaScript (11%)
Developer
adriancarriger
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
10 Stars
23 Commits
2 Forks
1 Watchers
13 Branches
2 Contributors
Updated on Oct 26, 2024
Maintainers
1
Package Meta Information
Latest Version
1.4.0
Package Id
semantic-commitlint@1.4.0
Unpacked Size
146.80 kB
Size
43.57 kB
File Count
22
NPM Version
5.6.0
Node Version
8.9.4
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Semantic Commitlint 
📦🚀 + 📓 A continuous integration build tool to ensure all new commits meet your commit message format! ️️
Problem
- 📦🚀 semantic-release depends on properly formatted commit messages
- 📓 commitlint is awesome, but it doesn't know which commits occurred since your last release
Solution
- semantic-commitlint fills the gap between semantic-release and commitlint by asking commitlint to lint new commit messages that have not been included in a previous release
Features
- Run in CI on all branches to ensure that only builds with valid commit messages pass
- Wraps semantic-release and commitlint for an easy install
- Minimal config
Install
1npm install semantic-commitlint --save-dev
Setup
Add the following to your package.json
1{ 2 "scripts": { 3 "semantic-commitlint": "semantic-commitlint", 4 "semantic-release": "semantic-release" 5 }, 6 "release": { 7 "verifyRelease": ["semantic-commitlint"] 8 } 9}
Setup semantic-release authentication for CI
Usage
Add the following commands to your CI build process
1npm run semantic-commitlint -- --ci 2npm run semantic-release
Local usage
To get early feedback on commit messages you can add the following to a commit hook or your regular set of tests.
1npm run semantic-commitlint
This allows your project's contributors to get early feedback on their last commit message instead of waiting for CI to fail a build.
- Last commit only - this will not validate all new commit messages because Github auth is required to gather commits that have been added since the last release.
Config
Skip commits
If there are unreleased commits that shouldn't fail a build, then add them to your package.json inside the semanticCommitlint config.
1{ 2 "semanticCommitlint": { 3 "skipCommits": ["a1be371"] 4 } 5}
Custom lint functions
To add a custom lint function add your function's path in package.json.
1{ 2 "semanticCommitlint": { 3 "lintFunctions": ["./my-function.js"] 4 } 5}
The function itself works like this:
1// my-function.js 2function customValidation(commitMessage, report) { 3 if (commitMessage.includes('something bad')) { 4 report.valid = false; 5 report.errors.push({ 6 level: 2, 7 valid: false, 8 name: 'type-bad', 9 message: 'Commit message should have been better!' 10 }); 11 } 12} 13 14module.exports = customValidation;
External config
This project just ties together some functionality from two external projects. For all other config options make sure to read through the docs.
Commit hooks
You can prevent invalid commit messages from every being created by using Git hooks!
- Add husky
1npm install --save-dev husky@next
- Update
package.json
1{ 2 "husky": { 3 "hooks": { 4 "prepare-commit-msg": "npm run semantic-commitlint -- -h" 5 } 6 } 7}
Issues
Not all features implemented in semantic-release and commitlint are currently available when using semantic-commtlint. If you have a suggestion, please open an issue. Thanks!
License
semantic-commitlint is licensed under the MIT Open Source license. For more information, see the LICENSE file in this repository.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/23 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Reason
64 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rq8g-5pc5-wrhr
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
- Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
- Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
- Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
- Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
- Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
- Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
- Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
- Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
- Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
- Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
- Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
- Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
- Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
- Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-pc5p-h8pf-mvwp
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-h726-x36v-rx45
- Warn: Project is vulnerable to: GHSA-779f-wgxg-qr8f
- Warn: Project is vulnerable to: GHSA-xf5p-87ch-gxw2
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
- Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-r2j6-p67h-q639
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
- Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
Score
2
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More