Every few weeks I open a project, run bun outdated or npm outdated, and stare at a list of packages. Some are patch bumps, safe to apply. Some are minor. Some are major. And for every one I'm not sure about, I open a browser tab, find the GitHub releases page, skim the changelog, close the tab, go back to the terminal, type the install command manually.
That workflow is fine. It's just slow, repetitive, and surprisingly easy to get wrong.
So I built depick, a terminal UI that puts the changelog right next to the package list so you can review and apply updates without ever leaving your terminal.
What it looks like
Run depick in any project directory. It scans for outdated packages, fetches release notes for all of them concurrently, then opens a TUI with two panels side by side:
- Left: the package list with risk classification, version changes, and selection toggles
- Right: the release notes for whatever package you're hovering on, rendered as Markdown
Every package gets a risk label: patch, minor, major, or 0.x minor for pre-1.0 packages where minor bumps can still break things. Patch updates are pre-selected by default. Major ones start unselected and need a deliberate choice.
Press x and you get a review screen with every planned change and the exact command before anything runs. Confirm and it applies them one by one with live output.
Why Rust and a TUI
The workflow lives in the terminal so the fix should too. I wanted something that felt native, no Electron, no browser tab, just keyboard-driven and fast. Rust with ratatui and crossterm was the obvious choice. The binary is 3.5MB stripped and starts in under 200ms.
How the release notes work
At startup depick fires concurrent requests to the npm registry to resolve each package's GitHub repository, then hits the GitHub Releases API to find the release matching the target version. For a typical project with 10-15 outdated packages this all resolves in about 500ms before the TUI even opens.
The release body is Markdown, rendered inline with the-other-tui-markdown using a custom theme that matches depick's color palette. Press m to expand into a full-screen reader with scroll support.
If a package has no GitHub release, depick falls back to the releases page and a guessed compare link between the current and target versions.
npm and bun
depick auto-detects your package manager by checking for bun.lock or bun.lockb. For both it uses npm outdated --json as the data source since it produces reliable structured output. For Bun repos where npm is not available it falls back to parsing bun outdated text output.
On apply it runs the right command for your project, bun add pkg@^version or npm install pkg@^version, and preserves your declared semver operator from package.json by default.
Install
cargo install depick
Or from source:
git clone https://github.com/sofianeabbar/depick
cd depick
cargo build --release
Source: github.com/sofianeabbar/depick
Crate: crates.io/crates/depick
It is at v0.1.0. The roadmap includes a disk cache for release notes, filter views, pnpm and yarn support, and a non-interactive CI mode. Feedback and contributions very welcome !
Top comments (0)