A blog about software development, written by Daniel Diekmeier.

Compensate for Missing Changelogs with npm-diff

January 3, 2023

I need to tell you about a cool tool that I found: It’s npm-diff by Julian Gruber.

At work, we use Depfu to keep our dependencies up to date. (I guess we could also use Dependabot? But somehow Depfu seems to be a little bit less annoying? I'm actually not sure!)

Anyway. Depfu creates a pull request for each new version of your dependencies. More importantly (for this blog post), it also tries to show you the changelog. But sometimes, the changelog is not very helpful. Often, Depfu can't actually find it – this tends to happen if the dependency is part of a monorepo, or if it moved, or if Depfu just doesn't feel well. In other cases, the changelog just contains a list of commits, which is very noisy and hard to understand.

The Google API Ruby Client is especially bad at this. The changelog only says that the API Client was automatically regenerated.

Wouldn't it be nice if we could see the actual changes in the new version?

An example is probably worth a thousand words. This command shows the changes between the 4.1.3 and 4.1.4 versions of the @splidejs/splide package:

npx npm-diff @splidejs/splide 4.1.3 4.1.4
--- 4.1.3/package.json	1985-10-26 09:15:00
+++ 4.1.4/package.json	1985-10-26 09:15:00
@@ -1,6 +1,6 @@
 {
   "name": "@splidejs/splide",
-  "version": "4.1.3",
+  "version": "4.1.4",
@@ -91,15 +91,16 @@
   ],
   "exports": {
     ".": {
+      "types": "./dist/types/index.d.ts",
       "require": "./dist/js/splide.cjs.js",
       "import": "./dist/js/splide.esm.js",
       "default": "./dist/js/splide.esm.js"
     },
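
Review bot: the new "types" condition under "." in "exports" points at ./dist/types/index.d.ts, and nothing in this excerpt shows that file shipping in 4.1.4; confirm it appears in the rest of the diff or is covered by the package's "files" list, otherwise type resolution through "exports" fails for TypeScript consumers. Placing "types" ahead of "require" and "import" is right, since export conditions are matched in order.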

(The actual output is a bit longer, but this is enough to get the idea.)

Now we know: It looks like the main change is that the package now exports its types. If CI passes, this looks like a safe change to me.
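
To triage the longer output before reading it line by line, the following added example (not part of npm-diff or the original post) counts changed lines per file and flags package.json lines that add or change an install-time script. It assumes the header layout shown above with a tab between path and timestamp; `summarizeDiff`, `HOOKS` and the `example-pkg` sample are names made up for illustration.

```javascript
// Added example: triage unified-diff text in the layout npm-diff prints above.
// HOOKS: npm lifecycle scripts that run when a dependency is installed.
const HOOKS = ["preinstall", "install", "postinstall"];

function summarizeDiff(text) {
  const lines = text.split("\n");
  const files = {};
  let cur = null;
  let inManifest = false;
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i];
    // A file header is a "--- " line directly followed by a "+++ " line.
    if (line.startsWith("--- ") && (lines[i + 1] || "").startsWith("+++ ")) {
      // "+++ 4.1.4/package.json\t<date>" -> "package.json" (tab assumed)
      const path = lines[i + 1].slice(4).split("\t")[0].replace(/^[^/]+\//, "");
      inManifest = path.split("/").pop() === "package.json";
      cur = files[path] = { added: 0, removed: 0, installHooks: [] };
      i++; // skip the "+++ " line
      continue;
    }
    if (!cur || !/^[+-]/.test(line)) continue; // context line, "@@" or preamble
    if (line[0] === "+") cur.added++; else cur.removed++;
    // Line-based heuristic: a changed manifest line whose JSON key is a hook name.
    const key = (line.slice(1).match(/^\s*"([^"]+)"\s*:/) || [])[1];
    if (inManifest && HOOKS.includes(key)) cur.installHooks.push(line);
  }
  return files;
}

// Constructed sample in the same layout; "example-pkg" is hypothetical.
const SAMPLE = [
  "--- 1.0.0/package.json\t1985-10-26 09:15:00",
  "+++ 1.0.1/package.json\t1985-10-26 09:15:00",
  "@@ -1,5 +1,6 @@",
  " {",
  '   "name": "example-pkg",',
  '-  "version": "1.0.0",',
  '+  "version": "1.0.1",',
  '   "scripts": {',
  '+    "postinstall": "node setup.js",',
  '     "test": "node test.js"',
  "--- 1.0.0/lib/index.js\t1985-10-26 09:15:00",
  "+++ 1.0.1/lib/index.js\t1985-10-26 09:15:00",
  "@@ -1 +1 @@",
  "-exports.answer = 41;",
  "+exports.answer = 42;",
].join("\n");
console.log(summarizeDiff(SAMPLE));
```

A non-empty `installHooks` list means the update changes code that runs during `npm install`, which is worth reading in full even when CI is green.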

Bonus: If you’re using Ruby, there is also a Bundler plugin that does the same thing for Ruby Gems: https://github.com/readysteady/bundle-diff.