Package Upgrade Guard is an Emacs security tool that shows diffs for all package upgrades and installations, helping users review changes before proceeding. It supports both ELPA/MELPA packages and VC (version control) packages.

• 🔍 Shows diffs for package upgrades before installation
• 📦 Supports both tarball packages (ELPA/MELPA) and VC packages (git repositories)
• 🛡️ Security-focused review process with user approval prompts
• 🔄 Works with package-upgrade, package-upgrade-all, and package menu operations
• 📊 Displays file-by-file changes, new files, and deleted files
• ⚡ Efficient TAR extraction for package analysis
• ⚙️ Archive exclusion for trusted sources (auto-approve without diff review)

1. Place package-upgrade-guard.el in your Emacs load path
2. Add to your Emacs configuration:

(use-package package-upgrade-guard
  :vc ( :url "https://github.com/kn66/package-upgrade-guard.el.git" :rev :newest)
  :config
  (package-upgrade-guard-mode +1))

Once enabled, Package Diff Guard automatically intercepts:

• M-x package-upgrade - Shows diff before upgrading individual packages
• M-x package-upgrade-all - Reviews each package individually
• Package menu operations (mark packages with U or I, then x)

1. When you attempt to upgrade a package, a diff buffer appears
2. Review the changes in the displayed diff
3. Respond to the approval prompt:
   • yes - Proceed with installation/upgrade
   • no - Cancel the operation

For git-based VC packages, the tool shows:

• Git status
• New commits to be pulled
• Detailed diff of changes

For ELPA/MELPA packages, the tool shows:

• File-by-file unified diffs
• New files added
• Files removed
• Version information

Package Upgrade Guard allows you to exclude trusted packages from diff checking in two ways: by archive or by specific package name. Excluded packages are automatically approved and upgraded without showing diffs.

• Development Archives: Skip diff checking for development versions of GNU ELPA packages (gnu-elpa-devel)
• Trusted Sources: Auto-approve packages from official archives you trust
• Trusted Packages: Auto-approve specific packages you trust (e.g., magit, org-mode)
• Bulk Updates: Reduce manual review for packages from specific sources or individual packages

;; check
(symbol-value 'package-archives) ; -> e.g. (("melpa" . "https://melpa.org/packages/") ("gnu" . "https://elpa.gnu.org/packages/") ("nongnu" . "https://elpa.nongnu.org/nongnu/"))

;; Skip diff checking for GNU ELPA development packages
(setopt package-upgrade-guard-excluded-archives '("gnu"))

;; Or exclude multiple archives
(setopt package-upgrade-guard-excluded-archives '("gnu" "nongnu"))

;; Exclude specific trusted packages
(setopt package-upgrade-guard-excluded-packages '(magit org helm))

;; Combine both approaches
(setopt package-upgrade-guard-excluded-archives '("gnu"))
(setopt package-upgrade-guard-excluded-packages '(some-trusted-melpa-package))

When an excluded package is encountered (either by archive or package name):

1. ✅ Diff checking is automatically skipped
2. ✅ Package is auto-approved for installation/upgrade
3. ✅ Clear message indicates the automatic approval and reason
4. ✅ Manual review is still performed for non-excluded packages

• Auto-approving installation: excluded package 'magit'
• Auto-approving upgrade: excluded archive 'gnu'
• Skipping security check: excluded package 'helm'

Common archive names you might want to exclude:

• "gnu" - GNU ELPA stable packages
• "gnu-elpa-devel" - GNU ELPA development packages
• "nongnu" - NonGNU ELPA stable packages
• "nongnu-devel" - NonGNU ELPA development packages

Note: "melpa" and other third-party archives should generally not be excluded for security reasons.

;; Enable/disable the security checker
(setopt package-upgrade-guard-enabled t)

;; Custom temporary directory for package extraction
(setopt package-upgrade-guard-temp-dir "/path/to/temp/dir")

;; Exclude trusted archives from diff checking (auto-approve)
(setopt package-upgrade-guard-excluded-archives '("gnu"))

;; Exclude specific packages from diff checking (auto-approve)
(setopt package-upgrade-guard-excluded-packages '(magit org helm))

The package provides several customization options through the package-upgrade-guard group:

• package-upgrade-guard-enabled - Global enable/disable
• package-upgrade-guard-temp-dir - Custom temporary directory
• package-upgrade-guard-excluded-archives - List of archive names to auto-approve
• package-upgrade-guard-excluded-packages - List of package names to auto-approve

• Emacs 27.1 or later
• Standard packages: package, diff, vc-git

Package Diff Guard is designed for defensive security purposes:

• Helps identify potentially malicious changes in package updates
• Provides transparency into what code changes are being installed
• Allows users to make informed decisions about package upgrades
• Creates audit trails for package modifications

• Large packages may show truncated diffs for performance
• Binary files are not diffed (shown as modified)
• Requires manual review for each package upgrade
• Temporary files are created during analysis

If you encounter permission errors, set a custom temporary directory:

(setopt package-upgrade-guard-temp-dir "~/tmp/package-upgrade-guard")

Ensure git is in your PATH and the package directory is a valid git repository.

The tool truncates large diffs automatically. For extremely large packages, consider reviewing changes externally.

This is a security-focused tool. Contributions should prioritize:

1. Security and safety of the diff analysis
2. Clear presentation of changes to users
3. Robust error handling
4. Performance with large packages

MIT license

• v1.2.0 - Added package-name exclusion and package-vc-upgrade support
• v1.1.0 - Added archive exclusion functionality for trusted sources
• v1.0.0 - Initial release with tarball and VC package support