I thought delta was fairly well-known by now so I was surprised to see this project not mention it (the readme already has a section for that). I wonder what they've chosen to do differently, besides write it in Node.js.
An that's cool. I've always had a dream of having the same syntax highlighting set up everywhere: vscode, bat, vim, git diff... etc.
I wish it was able to automatically switch from side-by-side to vertical diffs depending on my terminal widt, or at least override it with --side-by-side.
The I like this over fancy CLI diff viewers for a handful of reasons:
- It re-uses my editor config (no need to fuss with that tools ad hoc config format)
- I can navigate the diff with my editor’s navigation tools (expand or hide context lines, open/close/reorganize tabs, etc.)
- My editor’s language-aware tooling kicks in. I can jump to def, reveal types, and find all references while reading the diffs.
I wrote more about some of the specific workflows I use in this post, if you’re curious to level up from a CLI-only diff workflow:
There’s a time and a place for CLI-only diff viewers, and kudos to the author for building a tool they enjoy! I’ve just found that they fit into a sort of uncanny valley of simplicity and power for my needs.
Have you (or anyone reading this) been able to figure out how to get diff-highlight to be more intelligent so that if 'foo' changes to "foo", the highlighter is smart enough to only highlight the quotes as changing, but not the word foo? (Though this example is trivial, any time you've got two changes on the same line, this issue occurs where everything in between those changes gets highlighted as well.) I noticed that other tools in this thread such as delta and banga don't suffer from this issue.
To highlight only the quotes as changing, you need something else. On (Neo)Vim, for example, vim-gitgutter does this  (I'm the author).
What works for me is tig for git diffs.
Also very impressive is kitty-diff. If you use kitty as your OpenGL enabled terminal https://sw.kovidgoyal.net/kitty/kittens/diff.html
in your .gitconfig
tool = icdiff
prompt = false
cmd = /usr/bin/icdiff --line-numbers $LOCAL $REMOTE | less -eFXR
Good point about the themes, I'll add one. I'm hoping to make it easy to customize individual theme colors so you could unset the background colors, for example
And vimdiff is even an editor not just a viewer.
Now if it was say, Meld in a terminal, that would be worth talking about and I installing some stack as a dependency.
For this, I would look into Deno, which supports self contained binaries with typescript. I've never tried it myself so not sure how much work this would be.
I wrote a small script that tracks changes to your kubernetes cluster and sends a diff of the yaml to Slack. It works but I want to prettify the diff with a GitHub style diff and I need it in image format to send to slack.
It can be easily set up...
More seriously, as much as I'm personally not a huge fan of JS (but this is TypeScript?) I don't see how such comments add to the conversation. This particular package even seems to be very considerate with its dependencies: there's only a half dozen, and relate to obvious things like terminal coloring/manipulation, syntax highlighting, and diff generation… Now, I've not explored the full tree to see if those drag in the world, of course.
Sometimes, I think the hate on dependency trees gives them a bad rap. Code reuse lets people build things easily & quickly without having to badly reinvent every wheel! Sometimes, I get notified of a JS dependency with a security vulnerability where if a user can control how many spaces are used for indentation in some library's pretty-printer they can RCE and I die a little inside.
I think there are easier ways to get a side-by-side diff, but this tool does do a remarkable job of reproducing GitHub's aesthetics.
EDIT: Anyway, didn't mean to shit on author's work. (S)he apparently put fair amount of work into it, and the result looks great.
If there are dependencies, there could be security risks.
What you could do is just audit the package list and try to make a reasonable decision. 35 different packages for a small script, some with almost no GitHub stars or downloads? Maybe cause for concern. A few well-known libraries? Probably less concerning. You'd need to audit the entire lock file to really be sure, but this gives you some idea, at least.
It's true that JS developers generally seem to tend towards using a larger number of smaller libraries on average, so it's possible the risk is a bit higher both due to that and the market share, and maybe a few other reasons, but it's not like there are any fundamental differences here.
Each project will have their own way of handling dependencies, regardless of the language. You have to evaluate individual projects in any language on a case-by-case basis, and not just stereotype based on the language used. If your comment instead was ripping on the actual contents of package.json (or requirements.txt etc.), then you'd quite possibly have a valid point, but balking at the mere existence of the file is pretty ridiculous.
Or to say "When I depend on a library A in say Python I can be reasonably sure that it won't download and execute random shit from Internet", which is just completely untrue and misguided in a lot of ways. It's absolutely just as easy for anyone to backdoor a Python package as it is to backdoor an NPM package, and it happens all the time. It's possible it could happen a lot more frequently in the future, too.
You could argue that statement's true in a sense, but given that same sense it's also true of Node; it's not a good way of thinking about dependency supply chain attacks.
Can you give an example?
I'm aware of the banner thing, but I think that was only a few projects, and that's something else entirely.
But then again, I'm not that well versed in nodejs to judge by that experience alone. As I said in the middle, I'm not trying to dismiss author's work. I'm sorry for the tone of my previous replies. This comment thread I spawned is also very off-topic.
>Over a year ago, I was investigating using Prisma to be the ORM for a GraphQL API of a Postgres database. When doing a proof-of-concept, I discovered that under the hood @prisma/client was spinning up it's own GraphQL server that it would send requests to in order to generate SQL to send to postgres. This extra middleware layer between my frontend code and postgres generated some pretty poor performing queries that took 50% longer to complete than the queries generated by using Hasura as our whole GraphQL API.
>like create-react-app, which feels the right thing to do is to spawn my $EDITOR when it sees exception in the log (which it hides)
It might be worth making fun of a particular package if they pull in way too many other packages, but it's still all a case-by-case evaluation.