Show diff between package versions
in progress
Daniel Suchý
The ability to review a diff of two package versions could really simplify reviews of newly released versions for potentially harmful code.
Something like this https://my.diffend.io/npm/ua-parser-js/0.7.28/0.7.29
You can very easily spot harmful code here.
Feross Aboukhadijeh (Socket)
in progress
We actually shipped this feature months ago, though it's not super discoverable yet!
Here's an example of a package diff: https://socket.dev/npm/package/event-source-polyfill/diff/1.0.26
From any package page, you can access diffs by clicking the "Versions" tab in the sidebar, and then clicking on the "Go to diff page" link.