npmpackage.info

Gathering detailed insights and metrics for semantic-release-lerna

Other packages similar to semantic-release-lerna

lerna-semantic-release

9.1.0

automated semver compliant package publishing, for lerna

@auto-canary/npm

8.1.0-canary.789.10408.0

NPM publishing plugin for auto

semantic-release-monorepo-hooks

2.10.0

Semantic release monorepo hooks

@auto-it/npm

11.3.0

NPM publishing plugin for auto

Gathering detailed insights and metrics for semantic-release-lerna

semantic-release-lerna - 2.11.1 | npmpackage.info

semantic-release-lerna

Semantic release to publish lerna managed packages

2.11.1

MIT

JavaScript

1.04 MB

5.4

Installations

npm install semantic-release-lerna

Developer Guide

BETA

Typescript

No

Module System

ESM

Min. Node Version

^20.17 || >= 22.9

Node Version

20.18.2

NPM Version

10.9.2 Pull Requests

Open

0

Total

186

Closed

19

Merged

167

Issues

Open

5

Total

19

Closed

14

Releases

v2.11.1

Updated on Feb 17, 2025

v2.11.0

Updated on Feb 07, 2025

v2.10.0

Updated on Dec 21, 2024

v2.9.0

Updated on Oct 09, 2024

v2.8.0

Updated on Aug 11, 2024

v2.7.0

Updated on Jun 22, 2024

View All 42 releases

Languages

JavaScript

JavaScript (100%)

Developer

ext

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

21 Stars

1,158 Commits

8 Forks

3 Watchers

4 Branches

8 Contributors

Updated on Jul 14, 2025

Maintainers

View All 8 Contributors

Package Meta Information

Latest Version

2.11.1

Package Id

semantic-release-lerna@2.11.1

Unpacked Size

1.04 MB

Size

229.49 kB

File Count

NPM Version

10.9.2

Node Version

20.18.2

Published on

Feb 17, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@semantic-release/error conventional-changelog-angular conventional-changelog-writer cosmiconfig libnpmversion registry-auth-token

Peer Dependencies

lerna semantic-release

semantic-release-lerna

semantic-release plugin to publish lerna managed npm packages to npm.

This is WORK-IN-PROGRESS so there will most likely be bugs and it as only really been tested under the narrow use-cases I myself need it for.

It is intended to be a drop-in replacement of the @semantic-release/npm plugin.

The plugin works in the following way:

You manage a monorepo using lerna.
You use semantic-release to automate release handling.
The plugin will use lerna to check which packages has been updated.
Package versions are latched (default latching minor and greater), i.e. patches are only published for changed packages but minor and major bumps for all packages. Use latch option to configure this.
Changelog is generated in the project root by semantic-release.

As of now the following features from @semantic-release/npm is not supported/implemented:

addChannel.
tarball.
Only rudimentary support for configuration options.
Only rudimentary support for authentication verification.
Only rudimentary support for private packages.

Step	Description
`generateNotes`	If the plugin option `generateNotes` is true this plugin generate release notes with the commit scope set to a list of affected packages (unless otherwise specificed by the commit message). This option replaces `@semantic-release/release-notes-generator`, do not use both at the same time.
`prepare`	Update the `package.json` version and create the npm package tarball.
`publish`	Publish the npm package to the registry.

Dependencies

If a package version is bumped all the packages depending (dependencies, devDependencies and peerDependencies) on it will also have the range updated if the range has one of the following formats:

1.2.3
^1.2.3
^1.2
^1

Install

1$ npm install semantic-release-lerna -D

Usage

The plugin can be configured in the semantic-release configuration file:

1{
2  "plugins": [
3    "@semantic-release/commit-analyzer",
4    ["semantic-release-lerna", { "generateNotes": true }],
5    "@semantic-release/changelog",
6    [
7      "@semantic-release/git",
8      {
9        "assets": [
10          "CHANGELOG.md",
11          "lerna.json",
12          "package.json",
13          "package-lock.json",
14          "packages/*/package.json",
15          "packages/*/package-lock.json"
16        ]
17      }
18    ]
19  ]
20}

Options

Option	Description	Default
`generateNotes`	Set to `true` to enable generating release notes. See `generateNotes` step for more details.	`false`
`npmVerifyAuth`	Set to `false` to disable verifying NPM registry credentials.	`true`
`latch`	Latches package versions together. If the version bump is at least the given version all packages will be bumped regardless if the package has been touched or not. `"major", "minor", "patch", "prerelease", "none"`	`"minor"`
`rootVersion`	Allow to update version on root `package.json`.	`true`

Troubleshooting

Working tree has uncommitted changes

lerna ERR! EUNCOMMIT Working tree has uncommitted changes, please commit or remove the following changes before continuing:

Configure @semantic-release/git to commit lerna.json and package.json from the package folders. See example configuration above.

Error: Cannot modify immutable object

The conventional changelog packages have mismatching versions. This plugin supports both conventional-changelog-writer v7 and v8 as long as the preset has a matching version.

Assuming you use conventional-changelog-conventionalcommits as preset you can verify this with:

npm ls conventional-changelog-writer conventional-changelog-commits

If the major version of the packages differs you need to explicitly install the correct versions:

npm install conventional-changelog-writer@8 conventional-changelog-commits@8

Substitute @8 with @7 if you need to stay on v7. Usually you can get away with removing the packages from package.json afterwards as long as the lockfile (e.g. package-lock.json) still retains the requested versions of the packages.

If you do not have a configured preset conventional-changelog-angular is used by default, same rule applies, the major version has to be the same.

Also note that semantic-release v24 requires v8 of thte conventional changelog packages.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

4

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 4

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/ext/semantic-release-lerna/release.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:52
Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:80
Info: 0 out of 13 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 6 out of 8 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Security-Policy

Determines if the project has published a security policy.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

5.4

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More