View commitizen on Snyk Open Source Advisor

Package Health Score

71 / 100

security
Security review needed
popularity
Influential project
maintenance
Sustainable
community
Sustainable

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
4.3.0	\|	01/2023	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
4.2.6	\|	12/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
3.1.2	\|	07/2019		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.10.1	\|	05/2018		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.9.6	\|	02/2017		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Influential project

Weekly Downloads (806,940)

GitHub Stars: 16.32K
Forks: 552
Contributors: 90

Direct Usage Popularity

The npm package commitizen receives a total of 806,940 downloads a week. As such, we scored commitizen popularity level to be Influential project.

Based on project statistics from the GitHub repository for the npm package commitizen, we found that it has been starred 16,316 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 90
Funding: No

With more than 10 contributors for the commitizen repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like commitizen is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Sustainable

Commit Frequency

Open Issues: 164
Open PR: 24
Last Release: 1 year ago
Last Commit: 4 months ago

Further analysis of the maintenance status of commitizen based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

An important project maintenance signal to consider for commitizen is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >= 12

Age: 9 years
Dependencies: 14 Direct
Versions: 82
Install Size: 241 kB
Dist-tags: 1
# of Files: 49
Maintainers: 5
TS Typings: No

commitizen has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use commitizen?

To help you get started, we've collected the most common ways that commitizen is being used within popular public projects.

spotify / web-scripts / packages / web-scripts / src / Tasks / CommitTasks.ts View on Github

export function commitTask(task: CommitTaskDesc): void {
  dbg('running commitizen commit');

  // use this to get the resolved path to the root of the commitizen directory
  const cliPath = require
    .resolve('commitizen/package.json')
    .replace('package.json', '');

  return czBootstrap(
    {
      cliPath,
      config: {
        path: task.path,
      },
    },
    // this gets the arguments in the right positions to
    // satisfy commitizen, which strips the first two
    // (assumes that they're `['node', 'git-cz']`)
    [null, ...task.restOptions],
  );
}

View more ways to use commitizen

Commitizen for contributors

When you commit with Commitizen, you'll be prompted to fill out any required commit fields at commit time. No more waiting until later for a git commit hook to run and reject your commit (though that can still be helpful). No more digging through CONTRIBUTING.md to find what the preferred format is. Get instant feedback on your commit message formatting and be prompted for required fields.

Installing the command line tool

Commitizen is currently tested against Node.js 12, 14, & 16, although it may work in older versions of Node.js. You should also have npm 6 or greater.

Installation is as simple as running the following command (if you see EACCES error, reading fixing npm permissions may help):

npm install -g commitizen

Using the command line tool

If your repo is Commitizen friendly:

Simply use git cz or just cz instead of git commit when committing. You can also use git-cz, which is an alias for cz.

Alternatively, if you are using npm 5.2+ you can use npx instead of installing globally:

npx cz

or as an npm script:

  ...
  "scripts": {
    "commit": "cz"
  }

When you're working in a Commitizen-friendly repository, you'll be prompted to fill in any required fields, and your commit messages will be formatted according to the standards defined by project maintainers.

If your repo is NOT Commitizen friendly:

If you're not working in a Commitizen-friendly repository, then git cz will work just the same as git commit, but npx cz will use the streamich/git-cz adapter. To fix this, you need to first make your repo Commitizen friendly

Making your repo Commitizen friendly

For this example, we'll be setting up our repo to use AngularJS's commit message convention, also known as conventional-changelog.

First, install the Commitizen CLI tools:

npm install commitizen -g

Next, initialize your project to use the cz-conventional-changelog adapter by typing:

# npm
commitizen init cz-conventional-changelog --save-dev --save-exact

# yarn
commitizen init cz-conventional-changelog --yarn --dev --exact

# pnpm
commitizen init cz-conventional-changelog --pnpm --save-dev --save-exact

Note that if you want to force install over the top of an old adapter, you can apply the --force argument. For more information on this, just run commitizen help.

The above command does three things for you:

Installs the cz-conventional-changelog adapter npm module
Saves it to package.json's dependencies or devDependencies
Adds the config.commitizen key to the root of your package.json file as shown here:

...
  "config": {
    "commitizen": {
      "path": "cz-conventional-changelog"
    }
  }

Alternatively, Commitizen configs may be added to a .czrc file:

{
  "path": "cz-conventional-changelog"
}

This just tells Commitizen which adapter we actually want our contributors to use when they try to commit to this repo.

commitizen.path is resolved via require.resolve and supports:

npm modules
directories relative to process.cwd() containing an index.js file
file base names relative to process.cwd() with .js extension
full relative file names
absolute paths

Please note that in the previous version of Commitizen we used czConfig. czConfig has been deprecated, and you should migrate to the new format before Commitizen 3.0.0.

Optional: Install and run Commitizen locally

Installing and running Commitizen locally allows you to make sure that developers are running the exact same version of Commitizen on every machine.

Install Commitizen with npm install --save-dev commitizen.

On npm 5.2+ you can use npx to initialize the conventional changelog adapter:

npx commitizen init cz-conventional-changelog --save-dev --save-exact

For previous versions of npm (< 5.2) you can execute ./node_modules/.bin/commitizen or ./node_modules/.bin/cz in order to actually use the commands.

You can then initialize the conventional changelog adapter using: ./node_modules/.bin/commitizen init cz-conventional-changelog --save-dev --save-exact

And you can then add some nice npm scripts in your package.json file pointing to the local version of Commitizen:

  ...
  "scripts": {
    "commit": "cz"
  }

This will be more convenient for your users because then if they want to do a commit, all they need to do is run npm run commit and they will get the prompts needed to start a commit!

> NOTE: If you are using precommit hooks thanks to something like husky, you will need to name your script something other than "commit" > (e.g. "cm": "cz"). The reason is because npm scripts has a "feature" where it automatically runs scripts with the name prexxx where xxx is the name of another script. In essence, > npm and husky will run "precommit" scripts twice if you name the script "commit", and the workaround is to prevent the npm-triggered precommit script.

Optional: Running Commitizen on `git commit`

This example shows how to incorporate Commitizen into the existing git commit workflow by using git hooks and the --hook command-line option. This is useful for project maintainers who wish to ensure the proper commit format is enforced on contributions from those unfamiliar with Commitizen.

Once either of these methods is implemented, users running git commit will be presented with an interactive Commitizen session that helps them write useful commit messages.

> NOTE: This example assumes that the project has been set up to use Commitizen locally.

Traditional git hooks

Update .git/hooks/prepare-commit-msg with the following code:

#!/bin/bash
exec &lt; /dev/tty &amp;&amp; node_modules/.bin/cz --hook || true

Husky

For husky users, add the following configuration to the project's package.json file:

"husky": {
  "hooks": {
    "prepare-commit-msg": "exec &lt; /dev/tty &amp;&amp; npx cz --hook || true"
  }
}

> Why exec < /dev/tty? By default, git hooks are not interactive. This command allows the user to use their terminal to interact with Commitizen during the hook.

Congratulations! Your repo is Commitizen friendly. Time to flaunt it!

Add the "Commitizen friendly" badge to your README using the following markdown:

[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](https://commitizen.github.io/cz-cli/)

Your badge will look like this:

It may also make sense to change your README.md or CONTRIBUTING.md files to include or link to the Commitizen project so that your new contributors may learn more about installing and using Commitizen.

Conventional commit messages as a global utility

Install commitizen globally, if you have not already.

npm install -g commitizen

Install your preferred commitizen adapter globally (for example cz-conventional-changelog).

npm install -g cz-conventional-changelog

Create a .czrc file in your home directory, with path referring to the preferred, globally-installed, commitizen adapter

echo '{ "path": "cz-conventional-changelog" }' &gt; ~/.czrc

You are all set! Now cd into any git repository and use git cz instead of git commit, and you will find the commitizen prompt.

Pro tip: You can use all the git commit options with git cz. For example: git cz -a.

> If your repository is a Node.js project, making it Commitizen friendly is super easy.

If your repository is already Commitizen friendly, the local commitizen adapter will be used, instead of globally installed one.

Commitizen for multi-repo projects

As a project maintainer of many projects, you may want to standardize on a single commit message format for all of them. You can create your own node module which acts as a front-end for Commitizen.

1. Create your own entry point script

// my-cli.js

#!/usr/bin/env node
"use strict";

const path = require('path');
const bootstrap = require('commitizen/dist/cli/git-cz').bootstrap;

bootstrap({
  cliPath: path.join(__dirname, '../../node_modules/commitizen'),
  // this is new
  config: {
    "path": "cz-conventional-changelog"
  }
});

2. Add the script to your `package.json` file

// package.json

{
  "name": "company-commit",
  "bin": "./my-cli.js",
  "dependencies": {
    "commitizen": "^2.7.6",
    "cz-conventional-changelog": "^1.1.5"
  }
}

3. Publish it to npm and use it!

npm install --save-dev company-commit

./node_modules/.bin/company-commit

Adapters

We know that every project and build process has different requirements, so we've tried to keep Commitizen open for extension. You can do this by choosing from any of the pre-built adapters or even by building your own. Here are some of the great adapters available to you:

To create an adapter, just fork one of these great adapters and modify it to suit your needs. We pass you an instance of Inquirer.js, but you can capture input using whatever means necessary. Just call the commit callback with a string and we'll be happy. Publish it to npm, and you'll be all set!

Retrying failed commits

As of version 2.7.1, you may attempt to retry the last commit using the git cz --retry command. This can be helpful when you have tests set up to run via a git precommit hook. In this scenario, you may have attempted a Commitizen commit, painstakingly filled out all of the commitizen fields, but your tests fail. In previous Commitizen versions, after fixing your tests, you would be forced to fill out all of the fields again. Enter the retry command. Commitizen will retry the last commit that you attempted in this repo without you needing to fill out the fields again.

Please note that the retry cache may be cleared when upgrading Commitizen versions, upgrading adapters, or if you delete the commitizen.json file in your home or temp directory. Additionally, the commit cache uses the filesystem path of the repo, so if you move a repo or change its path, you will not be able to retry a commit. This is an edge case but might be confusing if you have scenarios where you are moving folders that contain repos.

It is important to note that if you are running cz from an npm script (let's say it is called commit) you will need to do one of the following:

Pass -- --retry as an argument for your script. i.e: npm run commit -- --retry
Use npx to find and call the cz executable directly. i.e: npx cz --retry

Note that the last two options do not require you to pass -- before the args but the first does.

Commitizen for project maintainers

As a project maintainer, making your repo Commitizen friendly allows you to select pre-existing commit message conventions or to create your own custom commit message convention. When a contributor to your repo uses Commitizen, they will be prompted for the correct fields at commit time.

Go further

Commitizen is great on its own, but it shines when you use it with some other amazing open source tools. Kent C. Dodds shows you how to accomplish this in his Egghead.io series, How to Write an Open Source JavaScript Library. Many of the concepts can be applied to non-JavaScript projects as well.

Philosophy

About Commitizen

Commitizen is an open source project that helps contributors be good open source citizens. It accomplishes this by prompting them to follow commit message conventions at commit time. It also empowers project maintainers to create or use predefined commit message conventions in their repos to better communicate their expectations to potential contributors.

Commitizen or Commit Hooks

Both! Commitizen is not meant to be a replacement for git commit hooks. Rather, it is meant to work side-by-side with them to ensure a consistent and positive experience for your contributors. Commitizen treats the commit command as a declarative action. The contributor is declaring that they wish to contribute to your project. It is up to you as the maintainer to define what rules they should be following.

We accomplish this by letting you define which adapter you'd like to use in your project. Adapters just allow multiple projects to share the same commit message conventions. A good example of an adapter is the cz-conventional-changelog adapter.

Related projects

conventional-changelog – Generate a changelog from conventional commit history
commitlint - Lint commit messages

Authors and Contributors

@JimTheDev (Jim Cummins, author) @kentcdodds @accraze @kytwb @Den-dp

Special thanks to @stevelacy, whose gulp-git project makes commitizen possible.

Contributors

This project exists thanks to all the people who contribute. [Contribute].

Backers

Thank you to all our backers! 🙏 [Become a backer]

commitizen dependencies

cachedir cz-conventional-changelog dedent detect-indent find-node-modules find-root fs-extra glob inquirer is-utf8 lodash minimist strip-bom strip-json-comments

FAQs

What is commitizen?

Git commit, but play nice with conventions. Visit Snyk Advisor to see a full health score report for commitizen, including popularity, security, maintenance & community analysis.

Is commitizen popular?

The npm package commitizen receives a total of 806,940 weekly downloads. As such, commitizen popularity was classified as an influential project. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is commitizen well maintained?

We found indications that commitizen maintenance is sustainable demonstrating some project activity. We saw a total of 90 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is commitizen safe to use?

While scanning the latest version of commitizen, we found that a security review is needed. A total of 1 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 17 April-2024, at 13:24 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP