Gathering detailed insights and metrics for semantic-release-config-aron
Gathering detailed insights and metrics for semantic-release-config-aron
A monorepo ecosystem integrating first-class packages and conventional workflows ✨
Installations
npm install semantic-release-config-aronDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.12.1
NPM Version
8.19.3
Releases
89
Languages
6
TypeScript
JavaScript
Svelte
CSS
Dockerfile
Shell
TypeScript (81%)
JavaScript (16.51%)
Svelte (1.5%)
CSS (0.67%)
Dockerfile (0.19%)
Shell (0.12%)
Developer
1aron
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
7 Stars
324 Commits
2 Watchers
2 Branches
3 Contributors
Updated on Nov 05, 2023
Maintainers
1
Package Meta Information
Latest Version
1.6.0
Package Id
semantic-release-config-aron@1.6.0
Unpacked Size
9.55 kB
Size
2.47 kB
File Count
5
NPM Version
8.19.3
Node Version
18.12.1
Published on
Mar 27, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
2
Aron's semantic release config for publishing workspace packages
Getting Started
Skip if you have already run npm install aronrepo:
npm install semantic-release-config-aron -D
Configuration
Create a release.config.js file in your project root and extend aron:
1module.exports = { 2 extends: 'semantic-release-config-aron' 3}
For full configuration, check out the configure.js file and Aron's conventional commits for the release rules
Since .plugins use arrays for configuration, even extends will override all preset plugins.
I provide configure(options) API to allow you to set additional config friendly:
1const releaseRules = require('semantic-release-config-aron/rules') 2const configure = require('semantic-release-config-aron/configure') 3 4module.exports = configure({ 5 branches: [ 6 '+([0-9])?(.{+([0-9]),x}).x', 7 'main', 8 'next', 9 'next-major', 10 { 11 name: 'beta', 12 prerelease: true 13 }, 14 { 15 name: 'alpha', 16 prerelease: true 17 } 18 ], 19 plugins: { 20 '@semantic-release/commit-analyzer': { preset: 'aron', releaseRules }, 21 '@semantic-release/release-notes-generator': { preset: 'aron' }, 22 '@semantic-release/exec': { 23 prepareCmd: 'npm run check && npm run build', 24 publishCmd: 'aron version ${nextRelease.version}' 25 }, 26 '@semantic-release/npm': true, 27 '@semantic-release/github': true 28 } 29})
The above example is equivalent to the extends: 'semantic-release-config-aron' preset.
For example, to add assets for a GitHub Release and keep the default plugins:
1module.exports = configure({ 2 plugins: { 3 '@semantic-release/github': { 4 assets: [ 5 { 6 path: 'packages/css/dist/index.browser.js', 7 name: 'master-css.js', 8 label: 'master-css.js' 9 } 10 ] 11 } 12 } 13})
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/1aron/.github/SECURITY.md:1
- Info: Found linked content: github.com/1aron/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/1aron/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/1aron/.github/SECURITY.md:1
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/commit-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-check.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/commit-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-title-check.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/pull-request-title-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/type-check.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/type-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/type-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/1aron/aronrepo/type-check.yml/main?enable=pin
- Warn: containerImage not pinned by hash: packages/github-actions/Dockerfile:1: pin your Docker image by updating node:19-alpine to node:19-alpine@sha256:8ec543d4795e2e85af924a24f8acb039792ae9fe8a42ad5b4bf4c277ab34b62e
- Warn: npmCommand not pinned by hash: packages/github-actions/Dockerfile:4
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 5 out of 6 npmCommand dependencies pinned
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/commit-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/pull-request-title-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/type-check.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
25 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-8266-84wp-wv5c
Score
3.4
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More