DEV Community

Bob Matcuk

Comparing package-lock Changes

I recently updated some dependencies in a node project and some things broke. I wanted to get a list of every dependency (and dependencies of dependencies) that changed, so I came up with this little one-liner.

You'll see that I'm passing two "files" into diff via I/O redirection. I'm using git to retrieve the two files - the commit that updated the dependencies had a git hash of 735e8cd3c. So, the first file is 735e8cd3c^:package-lock.json (notice the caret - that means the parent commit of 735e8cd3c, i.e., the version before I updated dependencies). The second file is 735e8cd3c:package-lock.json (no caret, i.e., the version where I updated dependencies).

I then pipe each file into jq (jq '.dependencies | map_values(.version)') to extract the name and version of every package my project depends on (that includes dependencies of dependencies).

Finally, diff will tell me what changed.

diff <(git show 735e8cd3c^:package-lock.json | jq '.dependencies | map_values(.version)') <(git show 735e8cd3c:package-lock.json | jq '.dependencies | map_values(.version)')
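
The same comparison as a small Node script, as an added example that is not part of the original post. It goes beyond the one-liner by also walking nested `dependencies` entries and the `packages` map used by newer lockfile formats, and it flags entries whose `integrity` hash changed while the version stayed the same. The function names and the sample lockfiles are constructed for illustration.

```javascript
// Flatten a parsed package-lock.json into { installPath: { version, integrity } }.
function flattenLock(lock) {
  const out = {};
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths; "" is the root project itself.
    for (const [path, pkg] of Object.entries(lock.packages)) {
      if (path !== '') out[path] = { version: pkg.version, integrity: pkg.integrity };
    }
    return out;
  }
  // lockfileVersion 1: packages that could not be hoisted nest under their parent.
  const walk = (deps, prefix) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out[path] = { version: pkg.version, integrity: pkg.integrity };
      walk(pkg.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return out;
}

// Return one line per added (+), removed (-), version-changed (~) or
// same-version-but-different-integrity (!) entry, sorted by install path.
function diffLocks(before, after) {
  const a = flattenLock(before), b = flattenLock(after);
  const lines = [];
  for (const path of [...new Set([...Object.keys(a), ...Object.keys(b)])].sort()) {
    const x = a[path], y = b[path];
    if (!x) lines.push(`+ ${path} ${y.version}`);
    else if (!y) lines.push(`- ${path} ${x.version}`);
    else if (x.version !== y.version) lines.push(`~ ${path} ${x.version} -> ${y.version}`);
    else if (x.integrity !== y.integrity) lines.push(`! ${path} ${x.version} integrity changed`);
  }
  return lines;
}

// Constructed sample lockfiles (lockfileVersion 1 shape), not taken from the post.
const before = { dependencies: {
  a: { version: '1.0.0', integrity: 'sha512-AAA',
       dependencies: { c: { version: '0.1.0', integrity: 'sha512-CCC' } } },
  b: { version: '2.0.0', integrity: 'sha512-BBB' } } };
const after = { dependencies: {
  a: { version: '1.0.0', integrity: 'sha512-AAA',
       dependencies: { c: { version: '0.2.0', integrity: 'sha512-CC2' } } },
  b: { version: '2.0.0', integrity: 'sha512-XXX' },
  d: { version: '3.0.0', integrity: 'sha512-DDD' } } };

console.log(diffLocks(before, after).join('\n'));
```

To run it against real history, parse the output of the two `git show` commands above with `JSON.parse` and pass the resulting objects to `diffLocks`.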