{"id":38145829,"url":"https://github.com/release-change/release-change","last_synced_at":"2026-05-11T01:29:50.725Z","repository":{"id":275174059,"uuid":"925235888","full_name":"release-change/release-change","owner":"release-change","description":"Fully automated version management, changelog management and package publishing with a focus on monorepos, prereleases and major version zero","archived":false,"fork":false,"pushed_at":"2026-03-30T22:12:50.000Z","size":2418,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-02T07:38:18.273Z","etag":null,"topics":["automation","changelog","cli","major-version-zero","monorepo","pre-release","publish","release","release-automation","release-workflow","semantic-version","semver","semver-release","tags","versioning"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/release-change.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-01-31T13:50:07.000Z","updated_at":"2026-03-30T22:12:53.000Z","dependencies_parsed_at":"2025-01-31T17:35:25.411Z","dependency_job_id":"e205dad0-e6df-4f9d-a55e-f2a90d8add7b","html_url":"https://github.com/release-change/release-change","commit_stats":null,"previous_names":["release-change/release-change"],"tags_count":77,"template":false,"template_full_name":null,"purl":"pkg:github/release-change/release-change","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-change%2Frelease-change","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-change%2Frelease-change/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-change%2Frelease-change/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-change%2Frelease-change/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/release-change","download_url":"https://codeload.github.com/release-change/release-change/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-change%2Frelease-change/sbom","scorecard":{"id":510645,"data":{"date":"2025-08-19T23:18:14Z","repo":{"name":"github.com/release-change/release-change","commit":"9e9d54f2dd33866fb680c693fdb429ff5e56be84"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/6 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-in-pr-context.yml:18","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/biome.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/commitlint.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/release-in-pr-context.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/run-tests.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:10"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info: 8 out of 8 GitHub-owned GitHubAction dependencies pinned","Info: 2 out of 2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"20 out of 20 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-08-20T00:27:25.449Z","repository_id":275174059,"created_at":"2025-08-20T00:27:25.450Z","updated_at":"2025-08-20T00:27:25.450Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31491097,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T17:22:55.647Z","status":"ssl_error","status_checked_at":"2026-04-06T17:22:54.741Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","changelog","cli","major-version-zero","monorepo","pre-release","publish","release","release-automation","release-workflow","semantic-version","semver","semver-release","tags","versioning"],"created_at":"2026-01-16T22:55:47.997Z","updated_at":"2026-05-11T01:29:50.718Z","avatar_url":"https://github.com/release-change.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# release-change\n\nFully automated version management, changelog management and package publishing with a focus on monorepos, pre-releases and major version zero\n\n![License: MIT](https://img.shields.io/github/license/release-change/release-change)\n[![ESM-only package](https://img.shields.io/badge/package-ESM--only-ffe536)](https://nodejs.org/api/esm.html)\n[![Conventional Commits 1.0.0](https://img.shields.io/badge/Conventional_Commits-1.0.0-fe5196?logo=conventionalcommits\u0026logoColor=white)](https://conventionalcommits.org)\n[![Checked with Biome](https://img.shields.io/badge/Checked_with-Biome-60a5fa?style=flat\u0026logo=biome)](https://biomejs.dev)\n![Build status](https://img.shields.io/github/actions/workflow/status/release-change/release-change/run-tests.yml)\n\n**release-change** automates the release workflow, determining the next version number, generating release notes and publishing the package.\n\n## How does it work?\n\nrelease-change uses the commit messages to determine the type of change in the codebase. It automatically determines the next [semantic version](https://semver.org).\n\nIt uses the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification. The following table shows which release type is got from which commit message when `release-change` runs:\n\n| Commit message | Release type |\n|-------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------|\n| `fix: prevent racing of requests` | Patch (fix release) |\n| `feat(lang): add Polish language` | Minor (feature release) |\n| `chore!: drop support for Node 6` | Major (breaking release) |\n| `chore: drop support for Node 6`\u003cbr\u003e\u003cbr\u003e`BREAKING CHANGE: use JavaScript features not available in Node 6.` | Major (breaking release, note that the `BREAKING CHANGE: ` token must be in the footer of the commit) |\n\nIt is meant to be integrated in a CI environment. For each new commit added to one of the release branches (for example: `main`), with `git push`, a pull request merging or a merging from another branch, a CI build is triggered and runs the `release-change` command to make a release if there are codebase changes since the last release which affect the package functionalities.\n\n## Requirements\n\nTo use release-change, you need:\n- to host your code in a GitHub repository,\n- to use GitHub Actions,\n- Git 2.23.0+,\n- a [Node.js](https://nodejs.org) which meets the [version requirements](./SECURITY.md#supported-nodejs-versions),\n- a package manager which meets the [version requirements](./SECURITY.md#supported-package-manager-versions).\n\n## Usage\n\nUse the following command to run release-change in the CI environment:\n```\npnpx @release-change/cli\n```\nIf you are using `npm`:\n```\nnpx @release-change/cli\n```\n\n## Documentation\n\n### CI configuration\n\nrelease-change requires access to the project repository. The Git authentication is set with the `RELEASE_TOKEN` environment variable, which is a [GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).\n\nHere are examples of the workflow configuration (the file must be saved in the `.github/workflows/` directory and make sure the option “Allow GitHub Actions to create and approve pull requests” is enabled in your repository settings):\n- using `pnpm`:\n ```yaml\n name: Release\n \n on:\n push:\n branches:\n - main\n \n permissions:\n contents: read # for checkout\n \n jobs:\n release:\n name: Release\n runs-on: ubuntu-latest\n permissions:\n contents: write # to be able to publish a GitHub release\n issues: write # to be able to comment on issues\n pull-requests: write # to be able to comment on pull requests\n id-token: write # to enable use of OpenID Connect to publish to NPM with provenance\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0 # to clone the whole Git history\n - name: Install pnpm\n uses: pnpm/action-setup@v6\n with:\n version: 11\n - name: Setup Node.js\n uses: actions/setup-node@v6\n with:\n node-version: \"lts/*\"\n cache: \"pnpm\"\n - name: Install dependencies\n run: pnpm clean-install\n - name: Release\n env:\n RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}\n ISSUE_PR_TOKEN: ${{ secrets.GITHUB_TOKEN }} # to be able to comment on issues and pull requests, close issues and tag pull requests using the GitHub Actions bot\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n NPM_CONFIG_PROVENANCE: true # to be able to publish to NPM with provenance\n run: pnpx @release-change/cli\n ```\n- using `npm`:\n ```yaml\n name: Release\n \n on:\n push:\n branches:\n - main\n \n permissions:\n contents: read # for checkout\n \n jobs:\n release:\n name: Release\n runs-on: ubuntu-latest\n permissions:\n contents: write # to be able to publish a GitHub release\n issues: write # to be able to comment on issues\n pull-requests: write # to be able to comment on pull requests\n id-token: write # to enable use of OpenID Connect to publish to NPM with provenance\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0 # to clone the whole Git history\n - name: Setup Node.js\n uses: actions/setup-node@v6\n with:\n node-version: \"lts/*\"\n cache: \"npm\"\n - name: Install dependencies\n run: npm clean-install\n - name: Release\n env:\n RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}\n ISSUE_PR_TOKEN: ${{ secrets.GITHUB_TOKEN }} # to be able to comment on issues and pull requests, close issues and tag pull requests using the GitHub Actions bot\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n NPM_CONFIG_PROVENANCE: true # to be able to publish to NPM with provenance\n run: npx @release-change/cli\n ```\n\n### Configuration\n\n#### Configuration file\n\nrelease-change’s options can be set via a `release-change.config.json` file, written in JSON and placed at the root of the project.\n\nAlternatively, some options can be set via CLI arguments.\n\nThe following examples are the same:\n- via `release-change.config.json` file:\n ```json\n {\n \"branches\": [\"main\", \"next\"]\n }\n ```\n- via CLI arguments:\n ```\n release-change --branches main next\n ```\n\n#### Options\n\n##### branches\n\nType: `array` \nDefault: `[\"alpha\", \"beta\", \"main\", \"master\", \"next\"]` \nCLI arguments: `-b \u003cspace-separated branches\u003e`, `--branches \u003cspace-separated branches\u003e`\n\nThe branches on which releases should happen.\n\n##### repositoryUrl\n\nType: `string` \nDefault: `repository` property in `package.json` file \nCLI arguments: `-r \u003curl\u003e`, `--repository-url \u003curl\u003e`\n\nThe Git repository URL.\n\n##### remoteName\n\nType: `string` \nDefault: `\"origin\"` \nCLI arguments: `--remote-name \u003cname\u003e`\n\nThe remote repository name.\n\n##### debug\n\nType: `boolean` \nDefault: `false` \nCLI arguments: `--debug`\n\nOutput debugging information.\n\n##### dryRun\n\nType: `boolean` \nDefault: `false` \nCLI arguments: `-d`, `--dry-run`\n\nThe goal of the dry-run mode is to get a preview of the pending release. The dry-run mode skips the release and the publication steps but checks the repository push permissions.\n\n##### releaseType\n\nType: `object` \nDefault: \n```\n{\n alpha: {\n channel: \"alpha\",\n prerelease: true,\n prereleaseIdentifier: \"alpha\"\n },\n beta: {\n channel: \"beta\",\n prerelease: true,\n prereleaseIdentifier: \"beta\"\n },\n main: {\n channel: \"default\"\n },\n master: {\n channel: \"default\"\n },\n next: {\n channel: \"next\",\n prerelease: true,\n prereleaseIdentifier: \"rc\"\n }\n}\n```\n\nSets an object whose properties are the names of the branches on which the releases should happen. Each branch property is an object with the following properties (all of them are optional):\n- `channel`: the distribution tag associated with the releases when publishing to NPM, which will use the default distribution tag (`\"latest\"`) if the value is `\"default\"`, the value provided otherwise;\n- `prerelease`: `true` if the release should be treated like a pre-release (e.g.: for unstable versions), `false` otherwise;\n- `prereleaseIdentifier`: the identifier to use when tagging a pre-release version (for example, `\"beta\"` if the pre-release should be tagged as something like `2.0.0-beta.1`).\n\n##### dependencyUpdateMethod\n\nType: `string` or `null` \nDefault: `\"pin\"` if it is a monorepo, `null` otherwise\n\nThis optional option sets a string telling how dependencies in each `package.json` file of the monorepo should be updated as far as the monorepo packages are concerned. Its value can be one of the following:\n- `\"pin\"`: the dependencies will be updated using their exact new version (e.g.: `\"@my-monorepo/my-package\": \"1.2.3\"`);\n- `\"caret-range\"`: the dependencies will be updated using their new version within a caret range (e.g.: `\"@my-monorepo/my-package\": \"^1.2.3\"`);\n- `\"tilde-range\"`: the dependencies will be updated using their new version within a tilde range (e.g.: `\"@my-monorepo/my-package\": \"~1.2.3\"`);\n- `\"workspace\"`: the dependencies will be updated using the `workspace` keyword (e.g.: `\"@my-monorepo/my-package\": \"workspace:*\"`).\n\nIf the repository is not a monorepo, the option is ignored.\n\n##### npmPublish\n\nType: `false` \nDefault: see below\n\nThis optional option, when set, can only be `false`. When this option is set, no packages are published to the NPM registry at all; however, the next release is still released and the `package.json` files are still updated. When the option is not set, the publication of each package depends on whether the `private` property in the `package.json` files is set to `true` or not.\n\n## Get help\n\n- [Stack Overflow](https://stackoverflow.com/questions/tagged/release-change)\n\n## Copyright \u0026 licence\n\n© 2025-present Victor Brito — Released under the [MIT licence](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelease-change%2Frelease-change","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frelease-change%2Frelease-change","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelease-change%2Frelease-change/lists"}