npmpackage.info

Gathering detailed insights and metrics for semantic-release-commitlint

Other packages similar to semantic-release-commitlint

@storm-software/git-tools

2.113.13

Tools for managing Git repositories within a Nx workspace.

@xerox/commitlint-config

3.1.3

semantic-release shareable config for Xerox projects

@wavevision/semantic-release

2.0.2

The Wavevision semantic release setup.

@mixmaxhq/semantic-commitlint

1.0.3

Fills the gap between semantic-release and commitlint

Gathering detailed insights and metrics for semantic-release-commitlint

semantic-release-commitlint - 1.2.2 | npmpackage.info

semantic-release-commitlint

1.2.2

MIT

JavaScript

7.97 kB

2.6

Installations

npm install semantic-release-commitlint

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

14.17.0

NPM Version

7.9.0 Pull Requests

Open

2

Total

10

Closed

1

Merged

7

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Languages

JavaScript

JavaScript (100%)

Developer

XC-

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

2 Stars

22 Commits

1 Watchers

10 Branches

3 Contributors

Updated on Oct 03, 2021

Maintainers

View All 3 Contributors

Package Meta Information

Latest Version

1.2.2

Package Id

semantic-release-commitlint@1.2.2

Unpacked Size

7.97 kB

Size

3.47 kB

File Count

NPM Version

7.9.0

Node Version

14.17.0

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@commitlint/config-conventional @commitlint/format @commitlint/lint @commitlint/load @semantic-release/error

Dev Dependencies

@semantic-release/changelog @semantic-release/git ava eslint semantic-release

semantic-release-commitlint

This plugin is a thin layer on top of conventional-changelog/commitlint packages allowing it to be used together with semantic-release tool to enforce conventional commits style guide. The reasoning to this is, that it is more beneficial to automate the enforcing than having it as a manual part of code review process. This takes some load away from developers and allows them to prevent merges to release branches when commits do not follow the convention.

Installation

npm install --save-dev semantic-release-commitlint

Add semantic-release-commitlint to semantic-release configuration after @semantic-release/commit-analyzer. The plugin is run in analyzeCommits -lifecycle and will throw an error with linting results if linting fails.

Configuration

Currently the plugin has only one configuration setting:

failOnWarning
- Type: Boolean
- Default: undefined (falsy)
- Description: Normally commitlint warnings are considered as valid, but by setting this to true the plugin will throw an error if any warnings have been found.
rules
- Type: Object
- Default: {}
- Description: Object containing rules as listed at https://github.com/conventional-changelog/commitlint/blob/master/docs/reference-rules.md
warnOnly
- Type: Boolean
- Default: undefined (falsy)
- Description: Instead of throwing errors, set maximum level to be warning.

THREE, three configuration settings... oh blast it!

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

1

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 1

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-requests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/pull-requests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-requests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/pull-requests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-requests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/pull-requests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-requests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/pull-requests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-requests.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/XC-/semantic-release-commitlint/pull-requests.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/main.yml:23
Warn: npmCommand not pinned by hash: .github/workflows/main.yml:32
Warn: npmCommand not pinned by hash: .github/workflows/pull-requests.yml:32
Warn: npmCommand not pinned by hash: .github/workflows/pull-requests.yml:23
Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
Info: 2 out of 6 npmCommand dependencies pinned

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

40 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-2h3h-q99f-3fhc
Warn: Project is vulnerable to: GHSA-gmw6-94gg-2rc2
Warn: Project is vulnerable to: GHSA-hxwm-x553-x359
Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-hj9c-8jmm-8c52
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-x2pg-mjhr-2m5x
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7

Score

2.6

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More