{"id":21106927,"url":"https://github.com/buildo/smooth-release","last_synced_at":"2025-10-08T12:03:23.340Z","repository":{"id":57364266,"uuid":"71661329","full_name":"buildo/smooth-release","owner":"buildo","description":"Replacement for `npm version` and `npm publish` with validations and CHANGELOG.md + GitHub release generation","archived":false,"fork":false,"pushed_at":"2019-09-30T14:23:02.000Z","size":144,"stargazers_count":34,"open_issues_count":8,"forks_count":2,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-09-25T07:59:18.731Z","etag":null,"topics":["changelog","github-releases","npm","npm-publish","npm-version","semantic-versioning","validations","versioning"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/buildo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-22T19:36:21.000Z","updated_at":"2023-10-17T09:59:53.000Z","dependencies_parsed_at":"2022-09-13T21:00:49.752Z","dependency_job_id":null,"html_url":"https://github.com/buildo/smooth-release","commit_stats":null,"previous_names":["francescocioria/smooth-release"],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/buildo/smooth-release","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildo%2Fsmooth-release","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildo%2Fsmooth-release/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildo%2Fsmooth-release/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildo%2Fsmooth-release/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/buildo","download_url":"https://codeload.github.com/buildo/smooth-release/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildo%2Fsmooth-release/sbom","scorecard":{"id":113372,"data":{"date":"2025-08-11","repo":{"name":"github.com/buildo/smooth-release","commit":"f9f6492cd00f11b4bf40689972b61039222499f7"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":2,"reason":"Found 5/17 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T17:59:56.121Z","repository_id":57364266,"created_at":"2025-08-15T17:59:56.121Z","updated_at":"2025-08-15T17:59:56.121Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278939320,"owners_count":26072276,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["changelog","github-releases","npm","npm-publish","npm-version","semantic-versioning","validations","versioning"],"created_at":"2024-11-20T00:34:26.389Z","updated_at":"2025-10-08T12:03:23.289Z","avatar_url":"https://github.com/buildo.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# smooth-release\nSmart CLI utility to **safely** and **automatically** do every step to release a new version of a library hosted on `GitHub` and published on `npm`.\n\n## Install\n`npm i -g smooth-release`\n\n## Usage\nSimply run `smooth-release` from your root folder, that's all :)\n\n#### Custom settings\n- Every config value used by `smooth-release` is overridable: jump to [`.smooth-releaserc`](https://github.com/buildo/smooth-release#smooth-releaserc) section to know more about it.\n- You can run or turn off specific tasks also by passing a set of CLI arguments: jump to [`CLI arguments`](https://github.com/buildo/smooth-release#cli-arguments) section to know more about it.\n\n\n## What it does\n`smooth-release` does five main activities in this order:\n\n1. Run validations\n2. Increase version and push new commit and tag\n3. Generate CHANGELOG.md\n4. Create release on GitHub with link to relative section in CHANGELOG.md\n5. Publish on `npm`\n\n### Run validations\nIn order to proceed each one of these validations must pass (they can be optionally turned off):\n\n1. Current branch must be the one defined in `.smooth-releaserc` (default: \"master\")\n2. Local branch must be in sync with remote\n3. No uncommited changes in the working tree\n4. No untracked filed in the working tree\n5. User must be logged in \"npm\" and have write permissions for current package\n\n### Increase version\n\n\n#### Check if version should be considered \"breaking\" or not\n`smooth-release` automatically detects if the next version should be \"breaking\" or not.\nIf a version is \"breaking\" it will be a `major` otherwise it will be a `patch`.\n`smooth-release` never creates a `minor` version.\n\nTo decide if a version is \"breaking\", `smooth-release` analyzes every *closed issue* (or *merged pull request*) from GitHub: if there is **at least** one *valid* closed issue marked as \"breaking\" the version will be breaking.\n\nTo mark an *issue* (or *pull request*) as \"breaking\" you can add to it a label named as you like. This label should also be added to `smooth-releaserc` to let `smooth-release` know about it.\n\nNOTE: you can use *pull requests* instead of *issues* by setting `github.dataType` in `.smooth-releaserc` to `\"pullRequests\"`\n\n**MANUAL OVERRIDE:**\nIf you need to, you can override this step by manually passing the desired version/increase level as argument to `smooth-release`:\n\n```\nsmooth-release minor\nsmooth-release pre-major\nsmooth-release 5.4.6\n```\n\n#### npm version and push\nRuns:\n\n1. `npm version ${newVersion} --no-git-tag-version`\n\n### Generate CHANGELOG.md\nThe script to generate the changelog is basically a replica in JavaScript of [github-changelog-generator](https://github.com/skywinder/github-changelog-generator).\n\nThe changelog is generated using *closed issues* by default. You can use *merged pull requests* instead by setting `github.dataType` in `.smooth-releaserc` to `\"pullRequests\"`\n\nThis script is stateless: every time it runs it replaces CHANGELOG.md with a new one.\n\nYou can see an example by looking at the CHANGELOG.md file on this repo: https://github.com/buildo/smooth-release/blob/master/CHANGELOG.md.\n\n### Create release on GitHub with link to CHANGELOG.md section\nIt statelessly creates a GitHub release for the last npm-version tag.\n\n`smooth-release` defines an *npm-version tag* as a tag named `v1.2.3` where `1`, `2`, `3` can be any number.\n\nThe release is named after the tag (ex: v1.2.3) and the body contains a link to the relative section in CHANGELOG.md.\n\nYou can see an example by looking at any release from this repo: https://github.com/buildo/smooth-release/releases.\n\n### Create release commit and push it on origin\nThis step is run only if there are changes to commit. This may happen if you run one of these scripts:\n- npm-version (modifies `package.json`)\n- changelog (modifies `CHANGELOG.md`)\n\nIf the only file that changed is `CHANGELOG.md` the new commit will have as message `\"Update CHANGELOG.md\"`.\n\nOtherwise, if you run also `npm-version` script and therefore the `package.json` has been updated, the new commit will have the standard version message (`\"1.2.3\"`) and will also have the npm-version tag (`v.1.2.3`).\n\n\n### Publish on `npm`\nRuns:\n\n1. `npm publish`\n\n## `.smooth-releaserc`\n`smooth-release` comes with a safe default for each config value. This is the `defaultConfig` JSON used by `smooth-release`:\n\n```js\n{\n  github: {\n    dataType: 'issues',\n    changelog: {\n      outputPath: './CHANGELOG.md',\n      ignoredLabels: ['DX', 'invalid', 'discussion'],\n      bug: {\n        title: '#### Fixes (bugs \u0026 defects):',\n        labels: ['bug', 'defect']\n      },\n      breaking: {\n        title: '#### Breaking:',\n        labels: ['breaking']\n      },\n      feature: {\n        title: '#### New features:'\n      }\n    }\n  },\n  publish: {\n    branch: 'master',\n    inSyncWithRemote: true,\n    noUncommittedChanges: true,\n    noUntrackedFiles: true,\n    validNpmCredentials: true,\n    validGithubToken: true,\n    packageFilesFilter: 'files',\n    npmVersionConfirmation: true\n  },\n  tasks: {\n    validations: true,\n    'npm-publish': null,\n    'npm-version': null,\n    'gh-release': null,\n    'gh-release-all': false,\n    changelog: null\n  }\n}\n```\n\nIf you set a task to `null`, `smooth-release` will prompt you every time before running the task:\n![image](https://cloud.githubusercontent.com/assets/4029499/21606902/e78f23d0-d1b2-11e6-9c17-b4bccf853856.png)\n\nIf you want to change parts of the default config you can define a JSON file in the root directory of your project named `.smooth-releaserc`.\n\nThe file will be recursively merged into `defaultConfig` (NB: arrays are replaced, not merged!).\n\n\n## CLI arguments\n`smooth-release` can be configured using CLI arguments as well.\n\nThe main argument is passed directly to the `npm-version` task so you can use `smooth-release` like `npm version`:\n```bash\nsmooth-release minor\n```\n\nYou can also override the default behavior of each task by passing it as argument:\n\nExamples\n```bash\nsmooth-release --no-npm-publish # safely run \"smooth-release\" without publishing on \"npm\"\nsmooth-release --changelog --gh-release-all # first time using smooth-release on your repo? this way you add a CHANGELOG.md and a GitHub release for every npm verison tag :)\n```\n\nIf you specify one ore more negative argument, interactive prompts will be displayed for the remaining arguments (ex: `--no-changelog`).\n\nIf you specify one or more positive argument, all interactive prompts will be disabled and only the whitelisted tasks will be run (ex: `--changelog`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuildo%2Fsmooth-release","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbuildo%2Fsmooth-release","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuildo%2Fsmooth-release/lists"}