- `--at` flag for `outdated` command to check what was outdated at a specific date or git ref
- Auto-upgrade outdated database schemas instead of erroring
- Fix `outdated` command suggesting downgrades when current version is newer than registry
- `git pkgs sbom` command to export dependencies as SPDX or CycloneDX
- `git pkgs integrity` command to show and verify lockfile integrity hashes
- Parse go.sum for Go module integrity hashes (no longer ignored)
- Convert Go h1: hashes (base64) to hex for SBOM compatibility
- `--drift` flag to detect packages with different hashes for the same version
- Registry integrity comparison via ecosyste.ms API
- Store integrity hashes from lockfiles in dependency_snapshots table
- SBOM export includes supplier info from ecosyste.ms (owner/maintainer)
- License commands use version-level license data when available
- Store supplier_name and supplier_type on packages (schema v5, run `git pkgs upgrade`)
- Update ecosystems-bibliothecary to ~> 15.3 (integrity extraction from lockfiles)
- Update purl to >= 1.7.1 (ecosyste.ms API URL support)
- `git pkgs outdated` command to find dependencies with newer versions available in registries
- `git pkgs licenses` command to check dependency licenses with compliance options (--permissive, --allow, --deny)
- ecosyste.ms client for fetching package metadata (latest versions, licenses)
- Package and Version models for storing enrichment data
- Spinner utility for progress feedback during network operations
- PURL helper for standardized package URLs
- `outdated` is no longer an alias for `stale` (now a separate command)
- `git pkgs vulns` subcommand for vulnerability scanning via OSV API
- `git pkgs vulns scan` to scan dependencies for known vulnerabilities
- `git pkgs vulns show` to display details for a specific vulnerability
- `git pkgs vulns sync` to prefetch vulnerability data for all packages
- `git pkgs vulns exposure` to analyze vulnerability exposure over time
- `git pkgs vulns praise` to show resolved vulnerabilities with attribution
- SARIF output format for CI integration (`--format=sarif`)
- Docker container support for running git-pkgs without local Ruby installation
- `list` command now shows locked versions and manifest kind
- `--stateless` flag for `list`, `show`, and `diff` commands (auto-enabled when no database exists)
- Update ecosystems-bibliothecary to ~> 15.2
- Fix `-f` flag conflict in `diff` command (was defined for both `--from` and `--format`)
- `--format=json` support for `diff`, `tree`, `stale`, and `why` commands
- Ignore go.sum (checksums only), treat go.mod as lockfile
- Update ecosystems-bibliothecary to ~> 15.1
- `--manifest` filter for `list` command to filter by manifest path
- Stateless parsing API for forge integration (`Git::Pkgs.parse_file`, `parse_files`, `diff_file`)
- Fix `stats` command crash on most changed dependencies query
- Fix `search` command SQL alias error when displaying results
- Fix `blame` and `stale` commands eager loading error
- Fix `list` command returning empty output when ecosystem filter matches nothing
- Replace ActiveRecord with Sequel (~3x faster init, ~2x faster queries)
- `git pkgs stats` now shows top authors in default output
- Update ecosystems-bibliothecary to ~> 15.0 (~10x faster lockfile parsing)
- Fewer runtime dependencies
- Quieter output from `init` and `update` commands
- `git pkgs init` now installs git hooks by default (use `--no-hooks` to skip)
- Parallel prefetching of git diffs for ~2x speedup on large repositories (1500+ commits)
- Performance tuning via environment variables: `GIT_PKGS_BATCH_SIZE`, `GIT_PKGS_SNAPSHOT_INTERVAL`, `GIT_PKGS_THREADS`
- `git pkgs completions` command for bash/zsh tab completion
- Fix N+1 queries in `blame`, `stale`, `stats`, and `log` commands
- Configuration via git config: `pkgs.ecosystems`, `pkgs.ignoredDirs`, `pkgs.ignoredFiles`
- `git pkgs info --ecosystems` to show available ecosystems and their status
- `-q, --quiet` flag to suppress informational messages
- `git pkgs diff` now supports `commit..commit` range syntax
- `--git-dir` and `--work-tree` global options (also respects `GIT_WORK_TREE` env var)
- Grouped commands by category in help output
- Fix crash when parsing manifests that return no dependencies
- `git pkgs where` command to find where a package is declared in manifest files
- `git pkgs diff-driver` command for semantic lockfile diffs in `git diff`
- Ruby 4.0 support
- Fix branch name retrieval and final snapshot storage in `git pkgs init`
- Fix `git pkgs info` snapshot coverage output when zero snapshots
- Fix manifest file pattern matching for wildcard characters
- Fix co-author name parsing in `git pkgs blame`
- Pager support for long output (respects `GIT_PAGER`, `core.pager`, `PAGER`)
- `--no-pager` option for commands with long output
- Colored output (respects `NO_COLOR`, `color.ui`, `color.pkgs`)
- `GIT_DIR` and `GIT_PKGS_DB` environment variable support
- `git pkgs stats` now supports `--since` and `--until` date filters
- Consistent error handling across all commands (JSON errors when `--format=json`)
- `git pkgs update` now uses a transaction for atomicity and better performance
- Renamed `git pkgs outdated` to `git pkgs stale` (outdated remains as alias)
- `git pkgs log` command to list commits with dependency changes
- `git pkgs schema` command to output database schema in text, SQL, JSON, or markdown
- `git pkgs praise` alias for `blame`
- `git pkgs upgrade` command to handle schema upgrades after updating git-pkgs
- Schema version tracking with automatic detection of outdated databases
- `git pkgs show` command to display dependency changes in a single commit
- `git pkgs history` now supports `--author`, `--since`, and `--until` filters
- `git pkgs stats --by-author` shows who added the most dependencies
- `git pkgs stats --ecosystem=X` filters statistics by ecosystem
- `git pkgs history` now works without a package argument to show all dependency changes
- `git pkgs diff` supports git refs (HEAD~10, branch names, tags) not just SHAs
- `git pkgs diff` lazily inserts commits not found in the database
- Expanded manifest file pattern matching for all supported ecosystems
- Switched to ecosystems-bibliothecary
- Initial release