Package Health Score

63 / 100

security
Security review needed
popularity
Small
maintenance
Inactive
community
Active

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
0.0.0-development	\|	06/2019	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Small

Weekly Downloads (1)

GitHub Stars: 19.66K
Forks: 1.64K
Contributors: 220

Direct Usage Popularity

The npm package travis-semantic-release receives a total of 1 downloads a week. As such, we scored travis-semantic-release popularity level to be Small.

Based on project statistics from the GitHub repository for the npm package travis-semantic-release, we found that it has been starred 19,660 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: Yes
Contributors: 220
Funding: No

A good and healthy external contribution signal for travis-semantic-release project, which invites more than one hundred open source maintainers to collaborate on the repository.

Embed Package Health Score Badge

Maintenance

Inactive

Commit Frequency

Open Issues: 308
Open PR: 43
Last Release: 5 years ago
Last Commit: 25 days ago

Further analysis of the maintenance status of travis-semantic-release based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for travis-semantic-release is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=8.3

Age: 5 years
Dependencies: 26 Direct
Versions: 3
Install Size: 150 kB
Dist-tags: 2
# of Files: 50
Maintainers: 1
TS Typings: No

travis-semantic-release has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

📦🚀 semantic-release

Fully automated version management and package publishing

semantic-release automates the whole package release workflow including: determining the next version number, generating the release notes and publishing the package.

This removes the immediate connection between human emotions and version numbers, strictly following the Semantic Versioning specification.

> Trust us, this will change your workflow for the better. – egghead.io

Highlights

Fully automated release
Enforce Semantic Versioning specification
New features and fixes are immediately available to users
Notify maintainers and users of new releases
Use formalized commit message convention to document changes in the codebase
Integrate with your continuous integration workflow
Avoid potential errors associated with manual releases
Support any package managers and languages via plugins
Simple and reusable configuration via shareable configurations

How does it work?

Commit message format

semantic-release uses the commit messages to determine the type of changes in the codebase. Following formalized conventions for commit messages, semantic-release automatically determines the next semantic version number, generates a changelog and publishes the release.

By default semantic-release uses Angular Commit Message Conventions. The commit message format can be changed with the preset or config options of the @semantic-release/commit-analyzer and @semantic-release/release-notes-generator plugins.

Tools such as commitizen, commitlint or semantic-git-commit-cli can be used to help contributors and enforce valid commit messages.

Here is an example of the release type that will be done based on a commit messages:

Commit message	Release type
`fix(pencil): stop graphite breaking when too much pressure applied`	Patch Release
`feat(pencil): add 'graphiteWidth' option`	~~Minor~~ Feature Release
`perf(pencil): remove graphiteWidth option` `BREAKING CHANGE: The graphiteWidth option has been removed.` `The default graphite width of 10mm is always used for performance reasons.`	~~Major~~ Breaking Release

Automation with CI

semantic-release is meant to be executed on the CI environment after every successful build on the release branch. This way no human is directly involved in the release process and the releases are guaranteed to be unromantic and unsentimental.

Triggering a release

For each new commits added to the release branch (i.e. master) with git push or by merging a pull request or merging from another branch, a CI build is triggered and runs the semantic-release command to make a release if there are codebase changes since the last release that affect the package functionalities.

If you need more control over the timing of releases you have a couple of options:

Publish releases on a distribution channel (for example npm’s dist-tags). This way you can keep control over what your users end up using by default, and you can decide when to make an automatically released version available to the stable channel, and promote it.
Develop on a dev branch and merge it to the release branch (i.e. master) once you are ready to publish. semantic-release will run only on pushes to the release branch.

Release steps

After running the tests, the command semantic-release will execute the following steps:

Step	Description
Verify Conditions	Verify all the conditions to proceed with the release.
Get last release	Obtain the commit corresponding to the last release by analyzing Git tags.
Analyze commits	Determine the type of release based on the commits added since the last release.
Verify release	Verify the release conformity.
Generate notes	Generate release notes for the commits added since the last release.
Create Git tag	Create a Git tag corresponding to the new release version.
Prepare	Prepare the release.
Publish	Publish the release.
Notify	Notify of new releases or errors.

Documentation

Usage
Extending
- Plugins
- Shareable configuration
Recipes
- CI configurations
- Package managers and languages
Developer guide
Support

Get help

Badge

Let people know that your package is published using semantic-release by including this badge in your readme.

[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)

Team


Stephan Bönnemann	Rolf Erik Lekang	Johannes Jörg Schmidt	Gregor Martynus	Finn Pauls	Pierre Vanduynslager	Christoph Witzko

Kill all humans

travis-semantic-release development dependencies

ava clear-module codecov commitizen cz-conventional-changelog delay dockerode file-url fs-extra got js-yaml mockserver-client nock nyc p-retry proxyquire sinon stream-buffers tempy xo

FAQs

What is travis-semantic-release?

Automated semver compliant package publishing. Visit Snyk Advisor to see a full health score report for travis-semantic-release, including popularity, security, maintenance & community analysis.

Is travis-semantic-release popular?

The npm package travis-semantic-release receives a total of 1 weekly downloads. As such, travis-semantic-release popularity was classified as small. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is travis-semantic-release well maintained?

We found indications that travis-semantic-release is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is travis-semantic-release safe to use?

While scanning the latest version of travis-semantic-release, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 11 April-2024, at 13:43 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP