Automic VaultAutomic Vault

brew

Install diffoci with Homebrew, Nix, pacman

Diff for Docker and OCI container images. Version 0.1.8 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install diffoci

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#diffoci

nixpkgs package indexes · pkgs/by-name/di/diffoci/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S diffoci

Arch Linux sync databases · diffoci · source: geo.mirror.pkgbuild.com

overview

Package summary

Diff for Docker and OCI container images

Commands and aliases

  • diffoci

history

Project history and usage

diffoci is a command-line comparison tool for Docker and OCI container images, aimed at finding the practical differences between two image artifacts in reproducible-builds work.

Project history

The project lives under the reproducible-containers organization and frames itself as a diff tool for Docker and OCI images. Its README presents strict comparison as the baseline and semantic comparison as the more useful mode for image reproducibility checks.

Adoption history

The official README documents binary releases for Linux and macOS, installation through mise, and source installation with Go, which places diffoci in the familiar package-manager and single-binary CLI lane for container tooling.

How it is used

Typical use compares two image references with `diffoci diff IMAGE0 IMAGE1`; the README recommends `--semantic` when timestamp, layer ordering, build history, or image-name annotation noise would make strict output too noisy. It can also compare local Docker or Podman images with `docker://` and `podman://` prefixes and can dump differing files to a report directory.

Why package nerds care

For package maintainers and reproducible-builds people, diffoci fills the gap between byte-level archive comparison and the layered, metadata-heavy world of OCI images. It is useful when the artifact being packaged is not a tarball or binary but a container image with registry, platform, and layer semantics.

Timeline

  • 2023: README examples focus on comparing Alpine and Docker Hub images in reproducibility investigations.
  • 2020s: Project distributed as a Go CLI with Linux and macOS binary releases.

Related projects

  • diffoci is adjacent to diffoscope for deep artifact comparison, but specializes in Docker and OCI image layout, containerd, Docker, Podman, and registry workflows.

security posture

Risk level: orange

broad file, network, media, or database tool signal. infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • broad file, network, media, or database tool signal
  • infrastructure mutation or orchestration signal

Signals

  • text:container
  • text:image

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
diffocicliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.1.8
manager updated
local dataok
upstreamcurrent
latest detectedv0.1.8

https://github.com/reproducible-containers/diffoci

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:diffoci
Version0.1.8
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/diffoci
Homepagehttps://github.com/reproducible-containers/diffoci
Repositoryhttps://github.com/reproducible-containers/diffoci
Upstream docshttps://github.com/reproducible-containers/diffoci#readme
LicenseApache-2.0
Source archivehttps://github.com/reproducible-containers/diffoci/archive/refs/tags/v0.1.8.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namediffoci
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

diffoci

nix profile install nixpkgs#diffoci
  • normalized package name match
  • Matched by: Diffoci
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/di/diffoci/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

diffoci 0.1.8-1

diff for Docker and OCI container images

https://github.com/reproducible-containers/diffoci

sudo pacman -S diffoci
  • License: Apache-2.0
  • Architecture: x86_64
  • 1 dependencies
  • normalized package name match
  • Matched by: Diffoci
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: diffoci from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment