Hey, I've integrated your package in my gitlab's CI, and have dangerbot post it as a comment to MR. Thanks for putting it together, it's a great tool, and other similar packages don't support custom gitlab domain.

I've encountered one minor inconsistency when using it for unfinished MRs. The "Operation" column for packages with dev-* is hard to predict. To pinpoint it, I've added to test \IonBazan\ComposerDiff\Tests\Formatter\FormatterTest::testItRendersTheListOfOperations this cases:

new UpdateOperation($this->getPackage('a/package-6', '0.5.2'), $this->getPackage('a/package-6', 'dev-feature', 'dev-feature 1234567')),
new UpdateOperation($this->getPackage('a/package-7', '0.5.2'), $this->getPackage('a/package-7', 'dev-main', 'dev-main 1234567')),
new UpdateOperation($this->getPackage('a/package-8', '0.5.2'), $this->getPackage('a/package-8', 'dev-master', 'dev-master 1234567')),

and the relevant test results were:

I think it would make sense to consider operations with dev- either always show up as Upgraded, or show something neutral, like Changed?

The current behavior is caused by \Composer\Semver\VersionParser::normalizeDefaultBranch called in \Composer\Semver\Semver::sort - it does:

if ($name === 'dev-master' || $name === 'dev-default' || $name === 'dev-trunk') {
     return '9999999-dev';
}

Also, I think the composer implementation of version comparison always assumes that changes involving dev- are an upgrade, no matter the change. Maybe in \IonBazan\ComposerDiff\Formatter\AbstractFormatter::isUpgrade you could simply use composer's \Composer\Package\Version\VersionParser::isUpgrade?

After upgrading rector/rector from 0420629 to 2e028e5 (dev-main), composer diff produced following output:

             "source": {
                 "type": "git",
                 "url": "https://github.com/rectorphp/rector.git",
-                "reference": "04206292794cdf1932d3c8d7ce1ed139d69039fd"
+                "reference": "2e028e5734f34f4afeb34e8b8c2da021b731760a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/rectorphp/rector/zipball/04206292794cdf1932d3c8d7ce1ed139d69039fd",
-                "reference": "04206292794cdf1932d3c8d7ce1ed139d69039fd",
+                "url": "https://api.github.com/repos/rectorphp/rector/zipball/2e028e5734f34f4afeb34e8b8c2da021b731760a",
+                "reference": "2e028e5734f34f4afeb34e8b8c2da021b731760a",
                 "shasum": ""
             },

While version constraint didn't change, it should produce only a single "change" row instead of "update" and "change".

This might be caused by the branch alias though.

Currently platform requirement changes are only listed when they are explicitly defined in the root package composer.json. Requiring a package with a transitive platform requirement causes such dependency to be ignored.

That's because such package only appears in packages.<package-name>.require section and not in platform section.

It is important to test whether the plugin is actually properly installed and commands are registered.
This is partially done in b44fcd2 but requires Composer v2. A backport for Composer v1 is needed to prevent future regressions.

Hello there!

My name is Ana. I noted that you use the mutation testing tool infection in the project.
I am a postdoctoral researcher at the University of Seville (Spain), and my colleagues and I are studying how mutation testing tools are used in practice. With this aim in mind, we have analysed over 3,500 public GitHub repositories using mutation testing tools, including yours! This work has recently been published in a journal paper available at https://link.springer.com/content/pdf/10.1007/s10664-022-10177-8.pdf.

To complete this study, we are asking for your help to understand better how mutation testing is used in practice, please! We would be extremely grateful if you could contribute to this study by answering a brief survey of 21 simple questions (no more than 6 minutes). This is the link to the questionnaire https://forms.gle/FvXNrimWAsJYC1zB9.

Drop me an e-mail if you have any questions or comments ([email protected]). Thank you very much in advance!!

It would be nice to support Drupal.org's packages with composer diff links and diffs, currently they are not supported.

Just noticed after my MR that PHP CS Fixer has rules included, but it's not a dev dependency, nor run via GitHub Actions.

Add new formatter - text which would render links as clickable hyperlinks directly in the terminal like Composer v2.3 does:

This could be a default behaviour in v2 so that users can navigate to the packages' source page and diff links.

Things to consider:

• Should links be always clickable or only when -l flag is passed? Some terminals don't support hyperlinks so -l could make them render as strings like in v1.
• Should this formatter be default from now? Would CI environments be affected? Those using GitHub Action could set mdtable by default for compatibility.
• Perhaps we could just merge that with mdtable so that the link is always rendered and -l would enforce a markdown-compatible link instead?

See job output: https://github.com/qossmic/deptrac/actions/runs/8007789467/job/21872726582?pr=1374

In PackageDiff.php line 136:
                                                                               
  [RuntimeException]                                                           
  Could not open file composer-dependency-analyser:composer.lock or find it i  
  n git as composer-dependency-analyser:composer.lock: fatal: invalid object   
  name 'composer-dependency-analyser'.                                         
                                                                               

Exception trace:
  at /workdir/vendor/ion-bazan/composer-diff/src/PackageDiff.php:136
 IonBazan\ComposerDiff\PackageDiff->getFileContents() at /workdir/vendor/ion-bazan/composer-diff/src/PackageDiff.php:92
 IonBazan\ComposerDiff\PackageDiff->loadPackages() at /workdir/vendor/ion-bazan/composer-diff/src/PackageDiff.php:79
 IonBazan\ComposerDiff\PackageDiff->getPackageDiff() at /workdir/vendor/ion-bazan/composer-diff/src/Command/DiffCommand.php:141
 IonBazan\ComposerDiff\Command\DiffCommand->execute() at /workdir/vendor/symfony/console/Command/Command.php:312
 Symfony\Component\Console\Command\Command->run() at /workdir/vendor/symfony/console/Application.php:1022
 Symfony\Component\Console\Application->doRunCommand() at /workdir/vendor/symfony/console/Application.php:314
 Symfony\Component\Console\Application->doRun() at /workdir/vendor/symfony/console/Application.php:168
 Symfony\Component\Console\Application->run() at /workdir/vendor/ion-bazan/composer-diff/composer-diff:[30](https://github.com/qossmic/deptrac/actions/runs/8007723786/job/21872510353?pr=1374#step:4:31)
 include() at /workdir/vendor/bin/composer-diff:120

Maybe related to the fact that the newly added package in the PR has composer.lock committed and not export-ignored in .gitattributes, but I'm guessing here.

If links are enabled, could there be a link to the project too?