Bumpy is built as a modern successor to changesets. This document tracks the pain points, missing features, and design problems in changesets that bumpy addresses (or plans to address), with links back to the relevant GitHub issues.
Changesets hardcodes aggressive behavior: a minor bump on a package triggers a major bump on all packages that peer-depend on it. This is the single biggest community complaint.
Bumpy splits propagation into three phases inside an iterative loop:
- Phase A (always runs): fixes broken version ranges — peer dep bumps match the triggering bump level, regular deps get patch, dev deps are skipped. Cannot be disabled.
- Phase B: enforces fixed/linked group constraints.
- Phase C (opt-in): proactive propagation via configurable
dependencyBumpRulesandcascadeTorules. Off by default (updateInternalDependencies: "out-of-range").
Key differences from changesets:
- Out-of-range peer dep bumps match the triggering bump level (not always major) — a minor bump on
core→ minor bump onplugin, not major - Dev deps never propagate by default (configurable per-package for bundled devDeps)
cascadeToconfig for source-side "when I change, cascade to these packages"- Per-bump-file
noneto acknowledge changes without triggering a direct bump - Warns about
^0.xcaret range gotchas andworkspace:*on peer deps
See docs/version-propagation.md for the full algorithm.
- changesets#1011 — peerDependencies cause unnecessary major bumps (70+ thumbs-up)
- changesets#822 — unexpected major version bumps from peer deps
- changesets#1126 — peer dep bumping is too aggressive
- changesets#1228 — allow configuring peer dep bump behavior / 0.x versions
- changesets#827 — peer dep bump propagation should be configurable
- changesets#960 — unexpected version bumps in monorepos
- changesets#944 — devDependencies should be configurable (17 thumbs-up)
- changesets#568 — allow dependents to not be automatically bumped
- changesets#1128 —
updateInternalDependenciesonly on certain packages - changesets#808 — ignore some packages on
updateInternalDependencies - changesets#1819 — support major version propagation to dependents (
bumpAs: "match") - changesets#1735 — unidirectional dependency relationships (solved by
cascadeTo)
Changesets is hardcoded to npm publish. Bumpy supports per-package custom publish commands for VS Code extensions, Docker images, JSR, private registries, or anything else.
- changesets#399 — arbitrary publish steps (14 comments)
- changesets#1318 — JSR support (39 thumbs-up)
- changesets#1717 — JSR custom publish (12 thumbs-up)
- changesets#1230 — publishing Docker images
- changesets#1297 — publishing VS Code extensions
Changesets uses npm publish even in Yarn/pnpm workspaces, so workspace:^ and catalog: protocols are NOT resolved, resulting in broken published packages. Bumpy resolves all workspace protocols correctly before publish.
- changesets#432 — workspace: ranges not resolved (33 comments)
- changesets#1290 — workspace:^ not handled correctly
- changesets#1421 — workspace:^ bumped on patch despite
updateInternalDependencies: "minor" - changesets#1229 — workspace: protocol causes publish failures
- changesets#1468 — workspace:^ published as-is (16 thumbs-up)
- changesets#1454 — publishing with Yarn is broken (38 thumbs-up)
- changesets#1707 — pnpm workspace catalog support (20 thumbs-up)
bumpy add works fully non-interactively for CI/CD pipelines and AI-assisted development.
- changesets#979 — non-interactive mode (15 thumbs-up)
- changesets#1118 — CLI automation support
Bumpy has first-class provenance and npmStaged config options, plus support for passing extra args to the publish command.
- changesets#1152 — provenance support (36 thumbs-up, 26 comments)
Packages are published in dependency order so a partial failure doesn't leave the registry in a broken state.
- changesets#238 — publish order should respect dependency graph (11 comments)
Bumpy defaults to "access": "public" since most open-source packages are public. Changesets defaults to "restricted".
- changesets#503 — default access should be public (23 thumbs-up)
bumpy publish --dry-run previews what would be published without actually doing it.
- changesets#614 — dry run for publish (47 thumbs-up)
bumpy publish --filter "@myorg/core" publishes only matching packages. Supports globs. Important for partial failure recovery and large monorepos.
- changesets#1160 — filtered publish (34 thumbs-up)
bumpy version automatically runs pnpm install --lockfile-only / bun install / etc. to keep the lockfile in sync with bumped versions.
- changesets#1139 — lockfile not updated (24 thumbs-up)
Bumpy includes the release date in every changelog heading by default.
- changesets#109 — dates in changelog (17 thumbs-up)
bumpy init detects .changeset/ and automatically migrates — renaming the directory to .bumpy/, converting config, and keeping pending bump files.
- (Previously listed under Planned)
bumpy generate scans commits on the current branch and auto-creates bump files. It works with any commit style — conventional commits get enhanced bump-level detection (feat → minor, fix → patch, feat! → major), while all other commits are mapped to packages via changed file paths (defaulting to patch). Not a replacement for explicit bump files — a bridge for teams migrating from semantic-release, or a convenience when you want both.
- changesets#862 — conventional commits integration (70 thumbs-up, 21 comments)
Custom changelog formatters with full context (release info, bump files, dates). Built-in "default" and "github" (with PR links + author attribution) formatters. Users can write custom formatters in TypeScript or JavaScript. Changesets' API is limited to two awkward string-returning functions — bumpy gives you the full context and you return the complete entry.
- changesets#658 — changelog titles not customizable (12 thumbs-up)
- changesets#556 — changelog formatting (11 thumbs-up)
- changesets#995 — getChangelogEntry API (12 thumbs-up)
Changesets requires two separate pieces of CI infrastructure beyond the CLI:
- changeset-bot — a GitHub App you must install on your repo that watches PRs and posts "missing changeset" comments
- changesets/action — a GitHub Action (separate repo) that handles creating the version PR and publishing
This means you're trusting and auditing two additional dependencies with write access to your repo. The bot requires GitHub App installation (org admin approval in many orgs), and the action is a separate repository with its own release cadence and issues.
Bumpy replaces all of this with two CLI commands you run directly in standard workflows — bumpy ci check (PR comments) and bumpy ci release (version PR + publishing). No GitHub App to install, no separate action to trust. Your CI runs the same @varlock/bumpy package you already depend on. Works on any CI provider that can run shell commands — not just GitHub Actions.
- changesets#134 — requests for GitHub check integration (only available via bot)
- changesets#1812 — can't filter which PRs the bot watches
- changesets#946 — bot doesn't check for new changes
- changesets#1242 — bot/action version upgrade issues
- changesets#43 — can't customize bot messages
Changesets' prerelease mode is described in their own docs as "very complicated" with "mistakes that can lead to repository and publish states that are very hard to fix." Key problems: global mode state poisons unrelated merges, exiting pre bumps ALL packages, counters require committed state, dist-tags can't be controlled.
Bumpy replaces the mode with branch-based channels (docs/prereleases.md): a long-lived branch (e.g. next) maps to a prerelease line. Bump file location (.bumpy/<channel>/) is the only state; prerelease versions are never committed — targets derive from bump files, counters from the registry. Promotion to stable is just a merge.
- changesets#729 — exiting pre mode bumps all versions (14 comments)
- changesets#786 — can't control dist-tag in pre mode (13 comments)
- changesets#635 — prerelease workflow problems
- changesets#239 — prerelease mode design issues
- changesets#381 — prerelease counters require committed state
bumpy check verifies that changed packages on the current branch have corresponding bump files. Compares your branch to the base branch, maps changed files to packages. By default it only fails if no bump files exist at all (matching changesets behavior). Use --strict to require every changed package to be covered, --no-fail for advisory-only mode, or --hook pre-commit/--hook pre-push to control which bump files count based on their git status. No GitHub API needed.
Changesets has no built-in equivalent — users rely on the CI bot comment to catch missing bump files after pushing.
Track changes to CI, tooling, and monorepo-root-level config in changelogs — not just workspace packages.
- changesets#1137 — root workspace support (26 thumbs-up)
Support versioning and publishing beyond npm — Rust crates, .NET NuGet, Python packages, etc. — via a package manifest that doesn't require wrapper package.json files.
- changesets#849 — packages extensibility RFC (22 comments)
- changesets#879 — GitLab support (33 thumbs-up)
- changesets#1329 — .NET support
- changesets#1760 — pluggable architecture
Support for hotfixing older major versions on release branches.
- changesets#1235 — maintenance release workflow
Bumpy doesn't shell out to git for branch comparisons during normal operations.
- changesets#517 — git failures in CI (41 comments)
Bumpy's iterative propagation has a hard iteration cap.
- changesets#571 — infinite loop in changeset version (21 comments)