WhatsDiff

Product Introduction

1. WhatsDiff is a command-line interface (CLI) tool designed to analyze and visualize dependency changes in PHP and JavaScript projects after running composer update or npm update. It provides developers with a clear breakdown of added, removed, or updated dependencies directly in their terminal.
2. The core value of WhatsDiff lies in its ability to simplify dependency management by aggregating changelogs, enabling risk assessment, and offering automation-friendly outputs, all while eliminating the need to manually sift through fragmented version histories or external documentation.

Main Features

1. WhatsDiff offers an interactive terminal user interface (TUI) that allows developers to review aggregated changelogs and dependency changes in real time, with navigation optimized for keyboard-driven workflows.
2. The tool supports JSON and Markdown output formats, enabling seamless integration into CI/CD pipelines, documentation generators, or custom automation scripts for post-update analysis.
3. It includes a Model Context Protocol (MCP) server that facilitates integration with AI-powered development tools, allowing for advanced dependency upgrade suggestions and contextual assistance during code reviews.

Problems Solved

1. Developers often struggle to track meaningful changes across dependencies after updates, leading to potential compatibility issues or undetected breaking changes in production environments.
2. The tool targets PHP and JavaScript developers, DevOps engineers, and teams managing large-scale projects with frequent dependency updates, particularly those prioritizing security and stability.
3. Typical use cases include auditing dependency changes before deployment, generating compliance-ready change reports, and automating upgrade impact analysis in CI/CD workflows to prevent regressions.

Unique Advantages

1. Unlike generic dependency trackers, WhatsDiff specializes in contextual analysis by correlating version changes with aggregated changelog data, providing actionable insights rather than raw version diffs.
2. Its MCP server introduces a protocol-first approach, enabling bidirectional communication with AI code assistants and IDEs to deliver upgrade recommendations based on project-specific context.
3. As a free and open-source solution, WhatsDiff avoids vendor lock-in while offering enterprise-grade features like exit code controls for CI/CD systems and standardized output formats for audit trails.

Frequently Asked Questions (FAQ)

1. How do I install WhatsDiff? The tool can be installed globally via Composer using composer global require whatsdiff/whatsdiff, ensuring availability across all terminal sessions and project directories.
2. Does WhatsDiff support both Composer and npm? Yes, it automatically detects and analyzes dependency changes in both composer.lock and package-lock.json files, providing unified reporting for PHP and JavaScript ecosystems.
3. Can I integrate WhatsDiff into my CI/CD pipeline? Absolutely—the CLI returns specific exit codes based on severity of changes (e.g., breaking changes trigger non-zero exits), allowing pipeline configurations to block deployments until changes are reviewed.
4. What is the purpose of the MCP server? The MCP server acts as a middleware layer that enables tools like AI coding assistants to query dependency change contexts and suggest upgrade strategies without manual terminal interaction.
5. Is the GitHub App available yet? The GitHub App is currently in development and will soon provide automated dependency change summaries directly in pull request comments, with configurable notification thresholds.