srwiez / whatsdiff
See what's changed in your project's dependencies
Maintainers
Fund package maintenance!
Requires
- php: ^8.2
- composer-runtime-api: ^2.2
- ext-dom: *
- ext-mbstring: *
- composer/semver: ^3.4
- guzzlehttp/guzzle: ^7.0
- illuminate/collections: ^10.0|^11.0|^12.0
- joetannenbaum/chewie: 0.1.11
- laravel/agent-detector: ^2.0
- laravel/prompts: ^0.1|^0.2|^0.3
- league/container: ^5.1
- php-mcp/server: ^2.0
- psr/container: ^2.0
- react/promise: ^3.3
- saloonphp/saloon: ^4.0
- symfony/cache: ^7.4|^8.0
- symfony/console: ^7.4|^8.0
- symfony/filesystem: ^7.4|^8.0
- symfony/process: ^7.4|^8.0
- symfony/yaml: ^7.4|^8.0
Requires (Dev)
- cweagans/composer-patches: ^1.7
- humbug/box: ^4.3
- laravel/pint: ^1.13
- mockery/mockery: ^1.6
- nunomaduro/collision: ^7.0|^8.0
- pestphp/pest: ^2.0|^3.0|^4.0
- phpstan/phpstan: ^2.0
- spatie/ray: ^1.41
- dev-main
- v2.5.0
- v2.4.0
- v2.3.0
- v2.2.0
- v2.1.0
- v2.0.0
- v1.6.0
- v1.5.0
- v1.4.3
- v1.4.2
- v1.4.1
- v1.4.0
- v1.3.0
- v1.2.0
- v1.1.0
- v1.0.2
- v1.0.1
- v1.0.0
- dev-agent-detect-json-default
- dev-changelog-all-updated
- dev-feat/audit-command
- dev-harden-workflows
- dev-fix-supported-deps
- dev-php85-support
- dev-feature/mcp-binaries
- dev-mcp-server
- dev-feature/terminal-ui
- dev-claude/auto-github-token-011CUU1ydTMHLXt2iGDyNVY9
- dev-claude/update-phpstan-changelog-011CUTrkQJBJe2f7kuyh84y2
- dev-feature/auto-links-on-changelog
- dev-feature/release-notes-extraction
This package is auto-updated.
Last update: 2026-06-04 08:02:08 UTC
README
What's diff is a CLI tool to help you inspect what has changed in your dependencies after a composer update, npm update, or pnpm update.
Visit whatsdiff.app for complete documentation and usage examples.
✨ Features
- Analyse changes in
composer.lock,package-lock.json, andpnpm-lock.yamlbetween commits - Read changelog and release notes of updated packages
- Interactive Terminal UI
- Multiple output formats (text, JSON, markdown)
- MCP server to help LLM understand how to upgrade your project dependencies
- CI/CD integration to check if specific packages have changed
🚀 Installation
Via Composer global require command
composer global require whatsdiff/whatsdiff
or by downloading binaries on the latest release, currently only these binaries are compiled on the CI:
- macOS x86_64
- macOS arm64
- linux x86_64
- linux arm64
- windows x64
📚 Usage
For complete documentation, visit whatsdiff.app/docs
Analyse Command
Show what changed after your last composer update, npm update, or pnpm update:
whatsdiff
# or explicitly
whatsdiff analyse
Between Command
Compare dependencies between two commits, branches, or tags:
# Compare between two tags whatsdiff between v1.0.0 v2.0.0 # Compare between commits whatsdiff between abc123 def456 # Compare from a commit to HEAD whatsdiff between abc123
Terminal UI Mode
Launch an interactive Terminal UI with keyboard navigation:
whatsdiff tui
Check Command
Check if a specific package has changed (useful for CI/CD):
# Check if a package was updated whatsdiff check livewire/livewire --is-updated # Check if a package was added whatsdiff check new/package --is-added # Use in scripts with exit codes if whatsdiff check critical/package --is-updated --quiet; then echo "Critical package updated, running extra tests..." fi
Changelog Command
View release notes for updated packages:
whatsdiff changelog guzzlehttp/guzzle 7.7.0...7.8.1 --type=composer --summary # Or aggregate changelogs for every updated package since the last commit whatsdiff changelog # Aggregate between two refs, restricted to composer whatsdiff changelog --from=v1.0.0 --to=v2.0.0 --include=composer
Audit Command
List known security advisories that affect your installed dependencies. Works
on composer.lock, package-lock.json, and pnpm-lock.yaml, like composer audit /
npm audit / pnpm audit but with whatsdiff's output formats:
# Audit current working-tree lockfiles, suggest the lowest safe upgrade per CVE whatsdiff audit # CI-friendly: exit non-zero only when a high or critical advisory is found whatsdiff audit --fail-on=high # Audit the lockfile at a specific commit/tag instead of the working tree whatsdiff audit --at=v2.3.0 # Diff mode: only report advisories newly introduced between two refs whatsdiff audit --from=v2.2.0 --to=v2.3.0 # JSON output, skip suggested-fix lookups for speed whatsdiff audit --format=json --no-fix
npm and pnpm audits query the GitHub Advisory Database once per package, so the first run on a large
package-lock.jsonorpnpm-lock.yamlmay be slow; subsequent runs are cached.
Configuration
Manage cache and other settings:
# View all configuration whatsdiff config # Disable cache whatsdiff config cache.enabled false # Set cache time limits (in seconds) whatsdiff config cache.min-time 600
Output Formats
All commands support multiple output formats:
# JSON output whatsdiff --format=json # Markdown output whatsdiff --format=markdown # Disable cache for a single run whatsdiff --no-cache
AI Agent Auto-Detection
When whatsdiff is invoked from inside an AI coding agent (Claude Code, Cursor, Gemini CLI, Codex,
Copilot CLI, OpenCode, Replit, Devin, Augment, Amp, Antigravity, Pi, Kiro, etc.), it detects the
environment via well-known variables (powered by
laravel/agent-detector) and defaults --format to
json so the agent receives structured output without parsing colored text. Passing --format=text
(or any other explicit value) always overrides the auto-detected default.
🔧 Contributing
This project follows PSR coding style. You can use composer pint to apply.
All tests are executed with pest. Use composer pest
It's recommended to execute composer qa before commiting (alias for executing Pint and Pest)
Testing
This project use Pest for testing.
composer test
Build from sources
This project use box, php-static-cli and php-micro. A build script has been created to build the project. (tested only on macOS x86_64)
composer build
Then you can build the binary that you can retrieve in build/bin/
👥 Credits
whatsdiff was created by Eser DENIZ.
📝 License
whatsdiff PHP is licensed under the MIT License. See LICENSE for more information.