npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mitre/hdf-diff

v3.2.0

Published

Structured comparison of HDF evaluation results — tracks what changed, why, and by how much

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

aaronlippoldaaronlippoldwdowerwdower

Keywords

hdfheimdalldiffcomparisonsecuritycompliance

Readme

@mitre/hdf-diff

Structured comparison of HDF documents — tracks what changed, why, and by how much.

What it does

Compares HDF documents (results, baselines, or system documents) and produces a structured diff:

  • Results comparison (diffHdf) — requirements added, removed, or changed between evaluations; status transitions with change reasons; field-level changes (impact, severity, disposition, effectiveImpact); per-baseline compliance summaries
  • Baseline evolution (diffBaselines) — track how a baseline's requirements change across versions (IDs added/removed, impact/severity/title changes)
  • System drift (diffSystems) — compare two HDF system documents for component, data flow, and configuration changes
  • SBOM comparison (diffSboms) — CycloneDX/SPDX package-level diffs (added, removed, updated)
  • Amendment operations (Go only, amend subpackage) — merge overrides into results, verify amendment chains, compute effectiveStatus/effectiveImpact/disposition

Additional capabilities:

  • Multiple comparison modes: temporal, baseline, fleet, multi-source
  • Format normalization: legacy InSpec exec-json (v1) to current HDF
  • Output formats: JSON, Markdown, CSV, terminal (ANSI-colored)
  • CI exit codes: GNU diff-compatible (0/1/2) and detailed (10-14)

Relationship to other packages

| Package | Relationship | |---------|-------------| | hdf-schema | Provides HDFResults, HDFBaseline, and system types that hdf-diff consumes | | hdf-validators | Used to validate comparison output against the HDF comparison schema | | hdf-cli | hdf diff and hdf amend commands wrap this library for CLI use |

Installation

npm install @mitre/hdf-diff

Usage

import { diffHdf, diffBaselines, diffSystems, render } from '@mitre/hdf-diff';

// Compare two evaluation results (temporal mode)
const comparison = diffHdf(oldResults, newResults);

// Compare baseline evolution (track requirement changes across versions)
const baselineDiff = diffBaselines(oldBaseline, newBaseline);

// Compare system documents (component/data-flow drift)
const systemDiff = diffSystems(oldSystem, newSystem);

// Render as markdown, JSON, CSV, or terminal
const md = render(comparison, 'markdown', { detail: 'full' });
const json = render(comparison, 'json');

// Check exit codes for CI
import { computeExitCode, EXIT_IDENTICAL } from '@mitre/hdf-diff';
const code = computeExitCode(comparison);
if (code !== EXIT_IDENTICAL) process.exit(code);

Requirement matching

hdf-diff supports multiple strategies for matching requirements across evaluations:

  • Exact ID (default) — match by requirement ID
  • Mapped ID — match via a user-provided ID mapping
  • CCI match — match by shared CCI identifiers
  • Fuzzy title — Jaccard similarity on tokenized titles
import { diffHdf, createFuzzyTitleStrategy } from '@mitre/hdf-diff';

const comparison = diffHdf(oldResults, newResults, {
  matchStrategy: createFuzzyTitleStrategy(0.8), // 80% similarity threshold
});

SBOM comparison

import { diffSboms } from '@mitre/hdf-diff';

const sbomDiff = diffSboms(oldSbom, newSbom);
// Shows packages added, removed, updated, or unchanged

CLI usage

# Results comparison
hdf diff old-results.json new-results.json
hdf diff old-results.json new-results.json --format markdown
hdf diff old-results.json new-results.json --json

# System drift detection
hdf diff old-system.json new-system.json

# SBOM comparison
hdf diff --sbom old-sbom.json new-sbom.json

# Baseline mode (golden baseline vs current scan)
hdf diff --mode baseline golden.json current.json

Go usage

The diff engine is also available as a Go module:

import diff "github.com/mitre/hdf-libs/hdf-diff/go/v3"

See the hdf-diff/go directory for the Go API.

Schema documentation

The HDF Comparison schema that hdf-diff produces is documented at https://mitre.github.io/hdf-libs/schemas/.

License

Apache-2.0 © MITRE Corporation