30 open-source projects similar to npm/cli, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best alternative to npm/cli.
clib is a C language package manager and dependency manager used to install, update, and manage external C libraries and executable dependencies from remote repositories. It functions as a distribution tool for structuring source code and metadata to publish C libraries and a development toolkit for maintaining consistent build environments. The project provides a framework for C library distribution and dependency resolution, utilizing manifest files to track required library versions and ensure reproducible builds across different systems. It streamlines the C development workflow by managi
RubyGems is a package manager for the Ruby language, serving as a tool for packaging, distributing, and installing libraries and software extensions. It functions as a dependency resolver and registry client, managing the installation of required libraries and their recursive dependencies to ensure consistent environments across development and production. The system handles the complete package lifecycle, including the building of distributable archives, the compilation of native C extensions for high-performance system integration, and the publishing of stable or prerelease versions to regi
This project provides a comprehensive guide for securing the software supply chain within Node.js and npm environments. It focuses on hardening the entire lifecycle of third-party dependencies and package publishing processes to protect applications from malicious code injection and unauthorized registry modifications. The guide distinguishes itself by emphasizing identity-based authentication and cryptographic provenance to verify the origin of distributed artifacts. It advocates for strict governance policies, such as enforcing minimum release ages for dependencies and disabling automatic l
Berry is a Node.js package manager, dependency resolution engine, and monorepo workspace manager. It provides the tools necessary for resolving, downloading, and managing dependencies to ensure consistent environments across different development machines, while also serving as a publishing tool for uploading versioned package tarballs to registries. The project is distinguished by its implementation of Plug'n'Play, which resolves dependencies without creating a physical node_modules directory by mapping dependencies directly to the file system. This enables a zero-install development workflo
npm is a JavaScript package manager and dependency management tool. It serves as a command line interface for interacting with a central registry of shareable JavaScript code modules, allowing for the installation and management of third-party libraries. The project handles Node.js package distribution by publishing code to a registry and managing project environment versioning to prevent breaking changes. It provides the necessary infrastructure for JavaScript dependency management and frontend build automation. Core capabilities include the ability to install project dependencies, resolve
CocoaPods is a dependency manager for Swift and Objective-C projects that integrates third-party libraries via configuration files. It serves as a project workspace orchestrator, coordinating the build process and linking external dependencies through centralized workspace configurations. To ensure environment consistency across different development machines, it employs a manifest-based version locking system. The project provides a version-controlled library specification registry for managing and distributing metadata and source paths for reusable code modules. It includes tools for extern
Pipenv is a Python dependency manager and virtual environment manager that ensures reproducible environments across different systems. It functions as a lockfile resolver, generating deterministic lockfiles from high-level dependency constraints to prevent version drift. The tool integrates project workflow automation by loading environment variables and executing custom project scripts. It also includes security auditing capabilities to scan installed packages for known vulnerabilities. The system covers a broad range of capabilities including dependency version locking, package installatio
Lerna is a monorepo management tool, build orchestrator, and package publisher for JavaScript and TypeScript projects. It enables the management of multiple packages within a single shared repository, providing utilities for workspace organization and the coordinated publishing of packages to a registry. The tool distinguishes itself through dependency-aware task orchestration and automated version management. It uses topological sorting to sequence tasks and utilizes content-hash caching to skip redundant executions when input files remain unchanged. Versioning is automated by parsing standa
osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library. The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act
Swift Package Manager is a build tool, dependency manager, and registry client for the Swift language. It transforms source files and external dependencies into executable binaries or libraries and manages the resolution, download, and integration of external code libraries. The project provides a client for publishing and versioning signed code packages via a remote registry, ensuring identity verification through digital signing. It also includes a source code formatter to standardize code style and indentation. The system covers a broad range of capabilities including modular code distrib
Cargo is the official build system and package manager for the Rust programming language. It provides a unified command-line interface that orchestrates the entire development lifecycle, including compiling source code, managing complex dependency graphs, running tests, and distributing packages through a centralized registry. By utilizing declarative manifest files, it ensures that builds remain reproducible and consistent across different environments. The tool distinguishes itself through its deep integration with the Rust compiler and its sophisticated approach to project management. It f
Moon is a monorepo build system and task runner designed to orchestrate complex projects with multiple packages. It functions as a dependency graph orchestrator that executes build targets in topological order and utilizes input hashing to cache results and skip redundant work. The project features a polyglot toolchain manager that automates the installation and versioning of language runtimes and CLI tools to ensure environment consistency. It also includes a plugin framework based on WebAssembly, allowing developers to extend build logic and toolchain behavior using any supported language.
Specs is a centralized package metadata repository and distribution service for the Apple platform. It serves as a public index of library specifications, enabling the discovery, resolution, and installation of third-party frameworks for iOS and macOS projects. The project provides a podspec distribution service that hosts and validates library specifications to ensure reproducible dependency resolution. It utilizes a Git-based collection of structured specifications and a REST API to manage library publishing, ownership, and versioning. The system encompasses comprehensive capabilities for
np is a command line tool for managing the versioning and publication of packages to the npm registry. It serves as a release automator and semantic versioning tool that handles version bumps, git tagging, and the upload of packages to public or private registries. The tool distinguishes itself by providing an interactive workflow that guides users through sequential publishing steps, including a preview of all scheduled tasks before remote changes are performed. It includes automated release drafting to generate summary notes and audit capabilities to identify extraneous files or unpublished
Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines. The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins. The tool covers a broad range of securit
Rye is a comprehensive Python toolchain manager, package manager, and virtual environment orchestrator. It provides a unified system for installing Python runtimes, resolving dependencies, and coordinating isolated environments across different projects. The project distinguishes itself through workspace management capabilities that coordinate dependencies and builds across multiple libraries within a single multi-package project structure. It further enables the global installation of Python tools into sandboxed environments, making them accessible system-wide without manual environment acti
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Bun is a high-performance runtime environment designed to execute JavaScript and TypeScript applications with minimal latency and high throughput. Built on a native core implemented in Zig, it provides a unified execution engine that leverages JavaScriptCore for efficient memory management and low-latency startup. The project functions as an all-in-one toolchain, integrating a native bundler, transpiler, package manager, and test runner into a single command-line interface. What distinguishes Bun is its focus on native system integration and developer productivity. It features a high-performa
dependabot-core is the automated dependency management engine that powers multi-ecosystem package updates and vulnerability remediation. It parses package manifests and lockfiles, polls package registries for newer versions, resolves version constraints across entire dependency trees, and generates pull requests with changelogs and structured descriptions. The system integrates vulnerability database matching to detect known security flaws and can automatically create remediation pull requests. What distinguishes this project is its handling of complex multi-ecosystem resolution across dozens
Flox is a Nix environment manager designed to create, share, and maintain reproducible software stacks. It uses declarative manifests to isolate project dependencies and toolchains, ensuring identical runtimes across different machines and operating systems. The platform distinguishes itself by enabling the deployment of imageless workloads to Kubernetes, allowing software to run in pods without traditional container images. It can also synthesize OCI-compliant container images and distroless artifacts directly from declarative environment definitions. The project covers broad capability are
ScanCode Toolkit is a software composition analysis tool and scanning framework designed to identify open-source licenses and copyright statements in source code and binary files. It functions as an open-source license detector, a dependency vulnerability scanner, and a generator for standardized software bills of materials in SPDX and CycloneDX formats. The project is built as a plugin-based scanning framework, allowing the integration of custom detection logic, specialized analyzers, and modified scanning behaviors at runtime. It distinguishes itself through the ability to produce formal le
This project provides a comprehensive framework for securing the software supply chain within the Node.js ecosystem. It focuses on mitigating risks associated with third-party dependencies by implementing technical controls and governance policies designed to prevent malicious code injection and ensure the integrity of the development environment. The guide distinguishes itself by offering specific hardening techniques for package management, such as disabling automatic execution of lifecycle scripts and enforcing strict registry-scoped dependency routing to prevent dependency confusion. It e
This project is a comprehensive framework for literate programming that enables developers to build production-ready Python libraries entirely within Jupyter Notebooks. By treating notebooks as the primary source of truth, it integrates code, documentation, and testing into a unified development pipeline that exports directly to standard Python modules. The framework distinguishes itself through specialized tooling designed to overcome the inherent challenges of using notebooks in professional software engineering. It includes custom Git hooks and merge drivers that sanitize volatile notebook
This project is a reference implementation and tutorial designed to demonstrate the end-to-end workflow of building, versioning, and uploading Python distributions. It serves as a concrete project template and example for configuring metadata and build artifacts for package indices. The repository illustrates how to package software by defining project metadata and dependencies in static configuration files. It covers the process of transforming source trees into versioned archives and platform-specific binary distributions, specifically showing how to build binary wheels and source distribut
PDM is a Python package manager, dependency resolver, and build tool designed to create reproducible environments. It functions as a runtime manager that installs and switches between different versions of the Python interpreter using standalone builds, while managing isolated virtual environments to prevent version conflicts between projects. The tool distinguishes itself through the use of cross-platform lockfiles and a plugin-based extension architecture, allowing users to add new capabilities via external distributions. It provides a centralized package caching system and a parallel insta
30-seconds-of-code is a comprehensive knowledge base and programming snippet library designed to support software engineering education and professional development. It provides a curated collection of reusable code units and technical guides that help developers master core language mechanics, design patterns, and architectural philosophies. The project distinguishes itself by offering a wide-ranging library of algorithmic solutions and web development patterns that are organized into modular, independently testable units. It emphasizes functional programming paradigms and declarative logic,
Bower is a frontend package manager and client-side asset manager used to install and track third-party JavaScript and CSS libraries for browser-based projects. It functions as a web dependency manager that ensures consistent versioning across different development environments. The tool operates as a Git-based dependency manager, retrieving source code directly from Git repositories rather than relying on a central package registry. It utilizes a semantic versioning resolver to match manifest constraints against Git tags to determine the correct package version. To prevent nested directory t
pnpm is a command-line package manager designed to automate the retrieval, installation, and version management of software dependencies. It utilizes a deterministic resolution process and a lockfile to ensure that dependency trees remain consistent across different environments and machines. The project distinguishes itself through a content-addressable storage engine that saves every version of a package exactly once on the file system. By employing a hard-linking installation strategy and a symlink-based directory structure, it maps dependencies from a central store into individual project
OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records. The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-bas
Entropic is a language-agnostic package registry and distribution system that uses content-addressable storage to host and version software packages across a network of mirrors. It functions as both a private package registry and a JavaScript package manager, identifying assets by cryptographic hashes rather than file paths. The system focuses on reliable distribution through private package mirrors that cache and sync remote dependencies to prevent installation failures during external downtime. It includes a version manager for assigning distribution tags and controlling the software releas