When reviewing a Pull Request that touched composer.json
and composer.lock
files you might notice that the diffs are usually pretty huge and it's almost impossible to tell what exactly happened there - which packages got added, updated, downgraded or removed? Nobody knows.
That's because Composer stores information about all packages that should be installed in composer.lock
together with some of their metadata. This helps to manage the dependencies efficiently and browse most information offline but there is currently no built-in way to compare these files when changed.
How to live with that?
Don't worry, I got you. Simply install Composer-Diff plugin which allows you to easily compare any two versions of your composer.lock
files:
composer global req ion-bazan/composer-diff
To run it in your repository:
composer diff # Displays packages changed in current git tree compared with HEAD
composer diff --help # Display detailed usage instructions
By default, it compares current filesystem version with your last committed changes (to use it locally just before committing your new changes):
It produces a colourful, tabulated markdown output which can be copy-pasted into your PR description for reference 🤩
Besides of generating diff for your current filesystem changes, you can compare any 2 git refs or local copies of files using --base
and --target
options or arguments:
composer diff master # Compare current composer.lock with the one on master branch
composer diff master:composer.lock develop:composer.lock -p # Compare master and develop branches, including platform dependencies
composer diff --no-dev # ignore dev dependencies
composer diff -p # include platform dependencies
composer diff -f json # Output as JSON instead of table
Did I mention it works with all PHP versions from 5.3 all the way till 8.4+?
OK but I'm lazy
Me too! That's why I made things even easier with GitHub Actions - I'm adding Composer Diff Action to all my projects to enjoy an automated report in every PR.
Another day, another useful automation.
OK but I don't like you
No problem, you can check out a few other tools instead:
- jbzoo/composer-diff - requires PHP 7.2+, no composer plugin support
- josefglatz/composer-diff-plugin - works only right after install/update
- davidrjonas/composer-lock-diff - does not work as composer plugin
Top comments (0)