Tracking New Dependencies Added to a Project

Compare package.json files to identify newly added dependencies, understand why they were introduced, and assess their impact on bundle size.

Dependency Management

Detailed Explanation

Identifying New Dependencies

When comparing two package.json files, the Package.json Diff tool marks any package that appears in B (the newer file) but not in A (the base) as added, with a green indicator. This is the first thing to look at in a code review or dependency audit: every added entry is third-party code that will run on developer machines, in CI, and possibly in the shipped product.

What new dependencies look like in the diff

dependencies:
  + zod: ^3.22.0          [ADDED]
  + @tanstack/react-query: ^5.0.0  [ADDED]

devDependencies:
  + vitest: ^1.0.0         [ADDED]
  + @testing-library/react: ^14.0.0  [ADDED]

Questions to ask about new dependencies

Before approving new dependencies in a PR, consider:

  • Is this package actively maintained? Check the last publish date, release cadence, open issues, and whether the maintainers or publish rights changed recently
  • Is it the package you think it is? Compare the name, repository link and download count with the well-known package; typosquats and look-alike names rely on a reviewer skimming the diff
  • How large is the package? Use tools like bundlephobia.com to check bundle impact
  • Are there existing alternatives? Could an existing dependency, or the platform itself, handle this use case?
  • Does it run install scripts? A preinstall or postinstall script executes on every developer and CI machine during install, so read it before merging
  • Is the license compatible? MIT, Apache 2.0, and BSD are generally safe for commercial use; copyleft licenses need a check against how you distribute the code
  • How many transitive dependencies does it bring? Each one is another maintainer you trust and another package to keep patched, so fewer is better for security

Filtering the results

Use the Added only filter button to see just the new packages, hiding all unchanged and modified entries. This gives you a focused view for dependency review.

Impact on lock files

New dependencies generate the largest changes in your lock file (package-lock.json or yarn.lock), because each new package pulls in its own dependency tree; a single top-level addition can add dozens of transitive packages. Review the lock-file diff alongside package.json: the lock file, not the range in package.json, decides which exact versions and tarballs get installed, so an entry without an integrity hash or one that resolves to an unexpected registry or URL is worth questioning before merging.

Use Case

A security engineer auditing a pull request wants to see exactly which new packages are being introduced to the codebase, so they can verify each package's license, maintenance status, and known vulnerabilities before merging.
