conventional-changelog-conventionalcommits

Conventionalcommits.org preset for conventional-changelog.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

bcoeoss-botdangreen

Keywords

conventional-changelogconventionalcommits.orgpreset

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): dangreen is an established publisher (603 approved packages) taking over from oss-bot; consistent with a legitimate maintainer transition in the conventional-changelog org.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Established package in the conventional-changelog org; lack of provenance is a minor hygiene issue, not a security risk for this package.	ai	2026/04/23

Versions (showing 32 of 32)

Version	Deps	Published
9.3.1	1 / 0	2026-03-29
9.3.0	1 / 0	2026-03-04
9.2.0	1 / 0	2026-03-01
9.1.0	1 / 0	2025-07-10
9.0.0	1 / 0	2025-05-19
8.0.0	1 / 0	2024-05-03
7.0.2	1 / 0	2023-09-08
7.0.1	1 / 0	2023-08-27
7.0.0	1 / 0	2023-08-27
6.1.0	1 / 0	2023-06-17
6.0.0	1 / 0	2023-06-06
5.0.0	3 / 0	2022-05-27
4.6.3	3 / 0	2021-12-29
4.6.2	3 / 0	2021-12-25
4.6.1	3 / 0	2021-09-09
4.6.0	3 / 0	2021-04-30
4.5.0	3 / 0	2020-11-05
4.4.0	3 / 0	2020-08-12
4.3.1	3 / 0	2020-06-20
4.3.0	3 / 0	2020-05-08
4.2.3	3 / 0	2019-11-07
4.2.2	3 / 0	2019-10-24
4.2.1	3 / 0	2019-10-03
4.1.0	2 / 0	2019-07-29
4.0.0	2 / 0	2019-05-18
3.0.2	2 / 0	2019-05-05
3.0.1	2 / 0	2019-05-02
3.0.0	2 / 0	2019-05-02
2.0.0	2 / 0	2019-04-26
1.1.2	2 / 0	2019-04-24
1.1.1	2 / 0	2019-04-11
1.1.0	2 / 0	2019-04-10