🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
DemoInstallSign in
Socket
DemoInstallSign in

difflytic

Package Overview
Dependencies
Maintainers
1
Versions
13
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

difflytic

AI-powered code review for GitLab/GitHub MRs using OpenAI and more.

1.0.12
latest
Source
npm
Version published
Weekly downloads
111
46.05%
Maintainers
1
Weekly downloads
 
Created
Source

AI-Driven Code Review Library 🚀

An AI-powered TypeScript npm library for automated code reviews during merge requests, designed for both free and premium use cases. It integrates with multiple SCM providers (e.g., GitHub, GitLab, Bitbucket) and supports dynamic AI models like OpenAI, Anthropic, and local models.

🎯 Project Goals

Create a TypeScript npm library that helps developers review code during merge requests using AI, with support for multiple providers and flexible AI model integrations. The library is designed for both Free and Premium versions, offering additional features for paying customers.

✨ Key Features

Free Version:

  • AI-powered code review using OpenAI (e.g., GPT-4).
  • Line-level code feedback.
  • GitHub and GitLab integration.
  • Basic automated labeling (e.g., "Review Passed", "Needs Adjustment").
  • Simple token management via environment variables.

Premium Version:

  • Dynamic AI model support (OpenAI, Anthropic, Local Models like LLaMA, Custom APIs).
  • Block-level and function-level feedback.
  • Support for additional providers (Bitbucket, Azure DevOps, Jira).
  • Customizable labeling and review thresholds.
  • Enhanced security with OAuth, token rotation, and encrypted storage.
  • Detailed analytics and usage insights (opt-in).

🔑 License Key Management

  • Uses JWT for premium feature access.
  • Central server or serverless function for key generation and verification.
  • Future-proof design for time-limited trials and feature-specific access.

🚀 Deployment Strategy

  • Standalone npm library (primary)
  • Dockerized CLI (optional)

📊 User Analytics and Feedback (Opt-In)

  • Track feature usage, performance, and error rates.
  • Provide insights for continuous improvement.
  • Respect user privacy with clear opt-in mechanisms.

Installation

Install via npm (recommended)

npm install -g difflytic

Or as a dev dependency in your project:

npm install --save-dev difflytic

Usage

As a CLI (recommended)

Global install

difflytic review gitlab <projectId> <mergeRequestIid> --mode=function

Local install (from project root)

npx difflytic review gitlab <projectId> <mergeRequestIid> --mode=function
  • --mode can be file, block, or function (default: file)
  • Example: 
    npx difflytic review gitlab 12345 42 --mode=block

As a Library (programmatic usage)

import { GitLabProvider } from 'difflytic/dist/providers/GitLabProvider';
import { OpenAI } from 'difflytic/dist/ai/OpenAI';

const provider = new GitLabProvider();
const ai = new OpenAI();
const mrData = await provider.fetchMergeRequestData('yourProjectId', 'yourMergeRequestIid');
const changes = mrData.changes || [];
for (const file of changes) {
  const diff = file.diff || '';
  // ...process diff or use ai.analyzeCode(diff, 'function')
}

Environment Variables / Config

Set these as environment variables or in a .difflyticrc.json or config.json in your project root:

  • GITLAB_TOKEN (required)
  • OPENAI_API_KEY (required)
  • GITLAB_API_URL (optional, for self-hosted GitLab)

Example .difflyticrc.json:

{
  "GITLAB_TOKEN": "your_token",
  "OPENAI_API_KEY": "your_openai_key",
  "GITLAB_API_URL": "your_custom_gitlab_domain"
}

CI/CD Integration

To run difflytic automatically on every merge request, add a job to your .gitlab-ci.yml.

1. Set up GitLab CI/CD Variables

Go to Settings > CI/CD > Variables in your GitLab project and add:

  • GITLAB_TOKEN (with api scope, or at least read_api and read_repository)
  • OPENAI_API_KEY (your OpenAI API key)
  • GITLAB_API_URL (e.g., https://gitlab.com or your self-hosted domain, without /api/v4)

These variables will be available to your CI jobs as environment variables.

2. Add the difflytic Job to .gitlab-ci.yml

stages:
  - ai_review

ai_code_review:
  stage: ai_review
  image: node:18
  script:
    - npm install difflytic
    - npx difflytic review gitlab "$CI_PROJECT_ID" "$CI_MERGE_REQUEST_IID" --mode=function
  only:
    - merge_requests
  variables:
    GITLAB_TOKEN: "$GITLAB_TOKEN"
    OPENAI_API_KEY: "$OPENAI_API_KEY"
    GITLAB_API_URL: "$GITLAB_API_URL"
  • This job will run on every merge request.
  • It installs difflytic and runs the review command for the current MR.
  • The required tokens and API URL are securely provided via GitLab CI/CD variables.

3. What Happens

  • The job will:
    • Run the AI review on the merge request changes
    • Post comments and labels to the MR as configured

4. (Optional) Make the Job Required

  • In Settings > General > Merge request approvals or CI/CD > Pipelines, you can require this job to pass before merging.

License

MIT

Keywords

ai
code-review
gitlab
github
openai
merge-request

FAQs

Package last updated on 20 May 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Growing Risk of Malicious Browser Extensions

Research

Security News

The Growing Risk of Malicious Browser Extensions

Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.

By Kush Pandya  -  Jun 13, 2025