dpndncY

Breaking-change analysis

The reason teams ignore dependency-bump PRs is fear of breakage. dpndncY pre-flights every fix: a semver-aware diff that calls out API-surface impact directly in the PR description, so you know whether a bump is a rubber-stamp or needs real review before you merge.

What it reports

  • Semver classification — major / minor / patch, and “effectively-major” when a minor release actually removed or changed public API.
  • API-surface diff — which exported symbols changed, were removed, or were added, per language where the package’s API is introspectable.
  • Public-API touch — whether the changed surface is something your code actually uses (cross-referenced with the call graph / reachability).
  • Risk verdict — a quick read: safe bump, review recommended, or likely breaking.
Fix the bug without the breakage surprise
The most useful line in a fix PR is “this bump is patch-level and touches no API you call” — that’s a merge in seconds. The next most useful is “this is effectively-major and changes a function you use on line X” — that’s the one to slow down on.

See also