Depick: see the changelog before you update, never leave the terminal

Soabbar — Sat, 21 Mar 2026 15:37:22 +0000

Every few weeks I open a project, run bun outdated or npm outdated, and stare at a list of packages. Some are patch bumps, safe to apply. Some are minor. Some are major. And for every one I'm not sure about, I open a browser tab, find the GitHub releases page, skim the changelog, close the tab, go back to the terminal, type the install command manually.

That workflow is fine. It's just slow, repetitive, and surprisingly easy to get wrong.

So I built depick, a terminal UI that puts the changelog right next to the package list so you can review and apply updates without ever leaving your terminal.

What it looks like

Run depick in any project directory. It scans for outdated packages, fetches release notes for all of them concurrently, then opens a TUI with two panels side by side:

Left: the package list with risk classification, version changes, and selection toggles
Right: the release notes for whatever package you're hovering on, rendered as Markdown

Every package gets a risk label: patch, minor, major, or 0.x minor for pre-1.0 packages where minor bumps can still break things. Patch updates are pre-selected by default. Major ones start unselected and need a deliberate choice.

Press x and you get a review screen with every planned change and the exact command before anything runs. Confirm and it applies them one by one with live output.

Why Rust and a TUI

The workflow lives in the terminal so the fix should too. I wanted something that felt native, no Electron, no browser tab, just keyboard-driven and fast. Rust with ratatui and crossterm was the obvious choice. The binary is 3.5MB stripped and starts in under 200ms.

How the release notes work

At startup depick fires concurrent requests to the npm registry to resolve each package's GitHub repository, then hits the GitHub Releases API to find the release matching the target version. For a typical project with 10-15 outdated packages this all resolves in about 500ms before the TUI even opens.

The release body is Markdown, rendered inline with the-other-tui-markdown using a custom theme that matches depick's color palette. Press m to expand into a full-screen reader with scroll support.

If a package has no GitHub release, depick falls back to the releases page and a guessed compare link between the current and target versions.

npm and bun

depick auto-detects your package manager by checking for bun.lock or bun.lockb. For both it uses npm outdated --json as the data source since it produces reliable structured output. For Bun repos where npm is not available it falls back to parsing bun outdated text output.

On apply it runs the right command for your project, bun add pkg@^version or npm install pkg@^version, and preserves your declared semver operator from package.json by default.

Install

cargo install depick

Or from source:

git clone https://github.com/sofianeabbar/depick
cd depick
cargo build --release

Source: github.com/sofianeabbar/depick
Crate: crates.io/crates/depick