ion-bazan / composer-diff
Compares composer.lock changes and generates Markdown report so you can use it in PR description.
Fund package maintenance!
IonBazan
Installs: 533 255
Dependents: 0
Suggesters: 0
Security: 0
Stars: 87
Watchers: 5
Forks: 5
Open Issues: 1
Type:composer-plugin
Requires
- php: >=5.3.2
- composer-plugin-api: ^1.1 || ^2.0
- ext-json: *
Requires (Dev)
- composer/composer: ^1.1 || ^2.0
- symfony/console: ^2.3 || ^3.0 || ^4.0 || ^5.0 || ^6.0 || ^7.0
- symfony/phpunit-bridge: ^4.2 || ^5.0 || ^6.0 || ^7.0
Suggests
- composer/composer: To use the binary without composer runtime
- symfony/console: To use the binary without composer runtime
README
Generates packages changes report in Markdown format by comparing composer.lock files. Compares with last-commited changes by default.
Now available as GitHub Action!
Installation
composer global require ion-bazan/composer-diff
Usage
composer diff # Displays packages changed in current git tree compared with HEAD composer diff --help # Display detailed usage instructions
Example output
| Prod Packages | Operation | Base | Target |
|---|---|---|---|
| psr/event-dispatcher | New | - | 1.0.0 |
| symfony/deprecation-contracts | New | - | v2.1.2 |
| symfony/event-dispatcher | Upgraded | v2.8.52 | v5.1.2 |
| symfony/event-dispatcher-contracts | New | - | v2.1.2 |
| symfony/polyfill-php80 | New | - | v1.17.1 |
| php | New | - | >=5.3 |
| Dev Packages | Operation | Base | Target |
|---|---|---|---|
| phpunit/php-code-coverage | Downgraded | 8.0.2 | 7.0.10 |
| phpunit/php-file-iterator | Downgraded | 3.0.2 | 2.0.2 |
| phpunit/php-text-template | Downgraded | 2.0.1 | 1.2.1 |
| phpunit/php-timer | Downgraded | 5.0.0 | 2.1.2 |
| phpunit/php-token-stream | Downgraded | 4.0.2 | 3.1.1 |
| phpunit/phpunit | Downgraded | 9.2.5 | 8.5.8 |
| sebastian/code-unit-reverse-lookup | Downgraded | 2.0.1 | 1.0.1 |
| sebastian/comparator | Downgraded | 4.0.2 | 3.0.2 |
| sebastian/diff | Downgraded | 4.0.1 | 3.0.2 |
| sebastian/environment | Downgraded | 5.1.1 | 4.2.3 |
| sebastian/exporter | Downgraded | 4.0.1 | 3.1.2 |
| sebastian/global-state | Downgraded | 4.0.0 | 3.0.0 |
| sebastian/object-enumerator | Downgraded | 4.0.1 | 3.0.3 |
| sebastian/object-reflector | Downgraded | 2.0.1 | 1.1.1 |
| sebastian/recursion-context | Downgraded | 4.0.1 | 3.0.0 |
| sebastian/resource-operations | Downgraded | 3.0.1 | 2.0.1 |
| sebastian/type | Downgraded | 2.1.0 | 1.1.3 |
| sebastian/version | Downgraded | 3.0.0 | 2.0.1 |
| phpunit/php-invoker | Removed | 3.0.1 | - |
| sebastian/code-unit | Removed | 1.0.3 | - |
Options
--base(-b) - path, URL or git ref to originalcomposer.lockfile--target(-t) - path, URL or git ref to modifiedcomposer.lockfile--no-dev- ignore dev dependencies (require-dev)--no-prod- ignore prod dependencies (require)--with-platform(-p) - include platform dependencies (PHP, extensions, etc.)--with-links(-l) - include compare/release URLs--format(-f) - output format (mdtable, mdlist, json, github) - default:mdtable--gitlab-domains- custom gitlab domains for compare/release URLs - default: use composer config
Advanced usage
composer diff master # Compare current composer.lock with the one on master branch composer diff master:composer.lock develop:composer.lock -p # Compare master and develop branches, including platform dependencies composer diff --no-dev # ignore dev dependencies composer diff -p # include platform dependencies composer diff -f json # Output as JSON instead of table
You can find more documentation in the docs directory.
Strict mode
To help you control your dependencies, you may pass --strict option when running in CI. If there are any changes detected, a non-zero exit code will be returned.
Exit code of the command is built using following bit flags:
0- OK.1- General error.2- There were changes in prod packages.4- There were changes is dev packages.8- There were downgrades in prod packages.16- There were downgrades in dev packages.
You may check for individual flags or simply check if the status is greater or equal 8 if you don't want to downgrade any package.
Contributing
Composer Diff is an open source project that welcomes pull requests and issues from anyone. Before opening pull requests, please consider reading our short Contribution Guidelines.
Similar packages
While there are several existing packages offering similar functionality:
- jbzoo/composer-diff - requires PHP 7.2+, no composer plugin support
- josefglatz/composer-diff-plugin - works only right after install/update
- davidrjonas/composer-lock-diff - does not work as composer plugin
This package offers:
- Support for wide range of PHP versions, starting from 5.3.2 up to 8.0 and newer.
- No dependencies if you run it as composer plugin.
- Both standalone executable and composer plugin interface - you choose how you want to use it.
- Allows generating reports in several formats.
- Extra Gitlab domains support.
- GitHub Action with example workflow
- 100% test coverage.
- MIT license.