Warning: This tool is still in early development. The API may change, and some features are incomplete or not yet fully tested. Use in production at your own risk.

Find which workspace packages are affected by lockfile changes.

Install globally when you want a persistent lockfile-affected command:

npm install -g lockfile-affected
# or
pnpm add -g lockfile-affected

Install in a repository:

pnpm add -D lockfile-affected

Pass the before and after lockfile snapshots as arguments. Use shell process substitution to avoid temp files:

# Compare against a specific branch
lockfile-affected <(git show origin/main:pnpm-lock.yaml) pnpm-lock.yaml

# Compare against the merge base (typical CI usage)
BASE=$(git merge-base HEAD origin/main)
lockfile-affected <(git show $BASE:pnpm-lock.yaml) pnpm-lock.yaml

Works with pnpm, npm, Yarn Berry (v2+), and Bun lockfiles (bun.lock).

For full Git and CI usage patterns, see the CLI guide: packages/cli/README.md.

• lockfile-affected — CLI
• @lockfile-affected/core — pure diff and resolution engine
• @lockfile-affected/lockfile-pnpm — pnpm-lock.yaml parser
• @lockfile-affected/lockfile-npm — package-lock.json parser
• @lockfile-affected/lockfile-yarn — yarn.lock parser (Yarn Berry v2+)
• @lockfile-affected/lockfile-bun — bun.lock parser

This project was developed with AI assistance.