I built a CLI to render lock file diffs human readable

Name: I built a CLI to render lock file diffs human readable
Availability: InStock
Author: Basgug25

by Basgug25·May 5, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemCozy

Finally stops lockfile diffs from burying real changes under thousands of hash churn lines.

Strengths

•Auto-detects ecosystem from file content; works with both npm and Python uv lockfiles.
•Collapses multiple versions per package name to show direct vs transitive dependency changes.
•Exit codes enable CI integration to fail builds when unexpected bumps occur.

Weaknesses

•Only supports two ecosystems; no yarn.lock, Cargo.lock, or go.mod support yet.
•No semantic versioning analysis to flag major vs patch bumps automatically.

Post Description

Reading `git diff package-lock.json` is painfully hard to read, thousands of lines of reordered keys and integrity hashes for one real change buried in there. Lockdiff parses two lockfiles and prints just what was added, removed, or version-bumped.

Currently supports uv.lock and package-lock.json.

https://github.com/Basliel25/lockdiff

Feedback welcome, especially anyone with a gnarly real-world package-lock.json that breaks it. Open for collaborations to support multiple ecosystems.