What's Changed
Hover over any package version in package.json. See exactly what changed.
No more opening 4 browser tabs to decide if ^3.2.1 → 4.0.0 is safe to update.
The Problem
Every developer has done this ritual:
- Notice an outdated package
- Open the npm page
- Hunt for the GitHub repo
- Scroll past 47 unrelated issues to find the CHANGELOG
- Ctrl+F for the version number
- Read 3 paragraphs of "exciting new features" to find the one breaking change that affects you
- Give up and either update blindly or stay outdated forever
What's Changed skips all of that.
What You Get
Hover over a version string in package.json and instantly see:
📦 react
18.2.0 → 19.1.0 — 🚨 MAJOR UPDATE
─────────────────────────────────
v19.0.0 (2024-04-25)
🚨 Contains breaking changes
⚠️ Deprecations
- Removed deprecated lifecycle methods
- New JSX transform required
- Added new use() hook
─────────────────────────────────
v18.3.0 (2024-03-12)
⚠️ Deprecations
- Deprecated componentWillReceiveProps
- Added useActionState hook
─────────────────────────────────
View full release notes on GitHub →
All inline. No browser. No context switching.
How It Works
- You hover over a version string
- The extension checks your lockfile for the actually installed version
- Fetches the latest version from the npm registry
- Pulls GitHub release notes for every version between yours and latest
- Falls back to the repo's
CHANGELOG.md if no GitHub releases exist
- Shows you what's breaking, what's deprecated, and what's a security fix — highlighted
Everything is cached for 5 minutes so repeat hovers are instant.
Lockfile Support
When a lockfile is present, the diff is based on what's actually installed — not just what's in package.json. This makes the diff accurate, not approximate.
| Lockfile |
Status |
package-lock.json (npm v2/v3) |
✅ |
yarn.lock (classic v1) |
✅ |
pnpm-lock.yaml (v6/v9) |
✅ |
Settings
| Setting |
Default |
Description |
whatsChanged.maxVersions |
5 |
Max intermediate versions shown in hover |
whatsChanged.githubToken |
(empty) |
GitHub PAT to raise API limit from 60 → 5000 req/hour |
Why you might want a GitHub token
GitHub's unauthenticated API is limited to 60 requests per hour. For most developers that's fine. If you work across many projects or have a lot of packages, add a token:
- Go to github.com/settings/tokens
- Generate a token with no scopes (public repo read is free)
- Paste it into
whatsChanged.githubToken in your settings
FAQ
Does it work with scoped packages like @types/node?
Yes.
What if the package has no GitHub repo?
You'll still see the version diff (current vs latest) and the bump type. The changelog section is skipped gracefully.
Does it auto-update anything?
No. It's read-only. It helps you decide — you do the updating.
Does it work in Cursor?
Yes. It targets VS Code 1.93+ which Cursor is built on.
Tech
- Zero runtime dependencies — only Node built-ins (
https, path, fs)
- TypeScript, compiled to CommonJS
- VS Code 1.93+
Built by prakhar-builds
