Analyse Command

The analyse command is the primary command for inspecting what has changed in your project's dependencies. cli-analyse.png

Usage

whatsdiff analyse [options]

Options

Comparison Options

  • --from - Specify the starting commit, branch, or tag to compare from (older version)
  • --to - Specify the ending commit, branch, or tag to compare to (defaults to HEAD if not specified)
  • --ignore-last - Ignore uncommitted changes and compare the last two commits

Output Options

  • --format, -f - Output format: text (default), json, or markdown
  • --no-progress - Disable the progress bar (useful for CI/CD environments)

Filtering Options

  • --include - Include only specific package managers (comma-separated: composer, npmjs)
  • --exclude - Exclude specific package managers (comma-separated: composer, npmjs)

Cache Options

  • --no-cache - Disable caching and force fresh data retrieval

Option Conflicts

  • --ignore-last cannot be used with --from or --to
  • --include and --exclude are mutually exclusive

What It Does

The analyse command:

  1. Reads your composer.lock and/or package-lock.json files
  2. Compares two versions of your dependencies:
    • Default: Current HEAD vs. previous commit
    • Custom: Any two commits, branches, or tags using --from and --to
  3. Shows which packages were:
    • Added (new dependencies)
    • Removed (dependencies that were removed)
    • Updated (existing dependencies with version changes)
  4. Displays results in your preferred format (text, JSON, or markdown)

Example Output

$ whatsdiff analyse

composer.lock changes

  ↑↑ laravel/framework         v11.0.0  →  v11.1.0   (2 releases)
    guzzlehttp/guzzle         7.8.0    →  7.8.1     (1 release)
    symfony/http-kernel       v6.4.0   →  v6.4.1    (1 release)
   + symfony/console           ^6.4
   + symfony/process           ^6.4
   × deprecated/package        ^1.0

Examples

Basic Usage

Analyze changes between current HEAD and the previous commit:

whatsdiff analyse

Compare Specific Commits

Compare dependency changes between two specific commits:

whatsdiff analyse --from=abc123 --to=def456

Compare Branches

See what dependency changes exist between branches:

# Compare main to develop branch
whatsdiff analyse --from=main --to=develop

# Compare your current branch to main
whatsdiff analyse --from=main --to=HEAD

Compare Against a Tag

Check dependency changes since a release:

whatsdiff analyse --from=v1.0.0 --to=HEAD

JSON Output for CI/CD

Output in JSON format for parsing in scripts:

whatsdiff analyse --format=json --no-progress

Markdown Output

Generate markdown-formatted output for PR descriptions:

whatsdiff analyse --format=markdown > dependency-changes.md

Filter by Package Manager

Only show PHP/Composer changes:

whatsdiff analyse --include=composer

Only show JavaScript/npm changes:

whatsdiff analyse --include=npmjs

Ignore Uncommitted Changes

Compare the last two commits, ignoring any uncommitted working directory changes:

whatsdiff analyse --ignore-last

Disable Caching

Force fresh data retrieval, bypassing the cache:

whatsdiff analyse --no-cache

Common Workflow

A typical workflow for updating dependencies and reviewing changes before committing:

# Update all dependencies and immediately review what changed
$ npm update && composer update -W && whatsdiff

Updating dependencies...
npm update complete (3 packages updated)

Loading composer repositories with package information
Updating dependencies
...
Package operations: 2 installs, 5 updates, 0 removals
Writing lock files

composer.lock changes

  ↑↑ laravel/framework         v11.0.0  →  v11.1.0   (2 releases)
    symfony/http-kernel       v6.4.0   →  v6.4.1    (1 release)
   + symfony/console           ^6.4

# Review looks good - commit the changes
$ git add composer.lock package-lock.json
$ git commit -m "chore: update dependencies"
$ git push

Using whatsdiff before committing helps you:

  • Understand what changed instead of blindly committing lock file updates
  • Write better commit messages with specific version information if needed
  • Catch unexpected changes like major version bumps or removed packages

Exit Codes

The command uses standard exit codes for integration with scripts and CI/CD pipelines:

Exit Code Status Description
0 SUCCESS Command executed successfully
1 FAILURE Validation error or command failure

Supported Lock Files

  • composer.lock (PHP/Composer)
  • package-lock.json (JavaScript/npm)

Both files are analyzed automatically if present in your project.

Related Commands

  • Use between to compare specific commits or branches
  • Use check to verify a single package
  • Use tui for an interactive view