{"id":13500419,"url":"https://github.com/replit/upm","last_synced_at":"2025-05-14T18:07:04.584Z","repository":{"id":41508618,"uuid":"190822884","full_name":"replit/upm","owner":"replit","description":"⠕ Universal Package Manager - Python, Node.js, Ruby, Emacs Lisp.","archived":false,"fork":false,"pushed_at":"2025-05-08T15:58:39.000Z","size":56820,"stargazers_count":1092,"open_issues_count":8,"forks_count":97,"subscribers_count":46,"default_branch":"main","last_synced_at":"2025-05-12T21:05:17.780Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://repl.it","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/replit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-06-07T23:19:11.000Z","updated_at":"2025-05-12T18:40:52.000Z","dependencies_parsed_at":"2023-10-23T19:27:19.155Z","dependency_job_id":"69763a5e-504f-4a09-a6d6-5b24c91b17a4","html_url":"https://github.com/replit/upm","commit_stats":{"total_commits":423,"total_committers":28,"mean_commits":"15.107142857142858","dds":0.5626477541371158,"last_synced_commit":"8f4d06f8a2a3308b21b2f18cdb839a96b4c7e82b"},"previous_names":[],"tags_count":55,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replit%2Fupm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replit%2Fupm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replit%2Fupm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replit%2Fupm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/replit","download_url":"https://codeload.github.com/replit/upm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254198515,"owners_count":22030966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T22:01:00.064Z","updated_at":"2025-05-14T18:06:59.573Z","avatar_url":"https://github.com/replit.png","language":"Go","readme":"# UPM\n\n[![GoDoc](https://godoc.org/github.com/replit/upm?status.svg)](https://godoc.org/github.com/replit/upm)\n[![Run on Repl.it](https://repl.it/badge/github/replit/upm)](https://replit.com/new/github/replit/upm)\n\nUPM is the **Universal Package Manager**. It allows you to manage\npackages for any (supported) programming language through the same\ninterface following the [principle of least\nastonishment](https://en.wikipedia.org/wiki/Principle_of_least_astonishment).\nAt [Repl.it](https://repl.it/), we use UPM to provide deep package\nmanager integration for many different programming languages using the\nsame infrastructure.\n\nUPM does not implement package management itself. Instead, it runs a\npackage manager for you. The value added is:\n\n* you don't have to figure out whether to use Pip or Pipenv or Poetry\n to manage your Python packages or wade into the Cabal-versus-Stack\n holy war in Haskell-land\n* you don't have to puzzle out why `pip search flask` doesn't return\n Flask in the search results\n* you don't have to debug Bundler silently dropping your command-line\n options if you don't specify them in the right (undocumented) order\n* you don't have to think about why the developers of NPM and Yarn\n decided to implement two completely different and mutually\n incompatible behaviors for `list --depth=0`, neither of which is\n exactly what you want\n* you don't have to investigate what format the Yarn lockfile is in\n (turns out: almost YAML, but not quite)\n* et cetera (I could go on all day)\n\nIn other words, UPM eliminates the need to remember a huge collection\nof language-specific package manager quirks and weirdness, and adds a\nfew nifty extra features like dependency guessing and\nmachine-parseable specfile and lockfile listing.\n\n## Supported languages\n\n* Core: `upm add`, `upm remove`, `upm lock`, `upm install`, `upm list`\n* Index: `upm search`, `upm info`\n* Guess: `upm guess`\n\n| | core | index | guess |\n|-----------------------|------|-------|-------|\n| python-python3-uv | yes | yes | yes |\n| python-python3-pip | yes | yes | yes |\n| python-python3-poetry | yes | yes | yes |\n| nodejs-yarn | yes | yes | yes |\n| nodejs-pnpm | yes | yes | yes |\n| nodejs-npm | yes | yes | yes |\n| ruby-bundler | yes | yes | |\n| elisp-cask | yes | yes | yes |\n| dart-pub.dev | yes | yes | |\n| rlang | yes | yes | |\n| java | yes | yes | |\n| rust | yes | yes | |\n| dotnet | yes | yes | |\n| php | yes | yes | |\n\n## Installation\n\nYou have many options. UPM is a single binary with no dependencies, so\nyou can install it anywhere. Tarballs are available on the [releases\npage](https://github.com/replit/upm/releases). Read on for\ninstructions on installing via a package manager.\n\n### macOS\n\nAvailable on [Homebrew](https://brew.sh/) in a [custom\ntap](https://docs.brew.sh/Taps).\n\n $ brew install replit/tap/upm\n\n### Debian-based Linux\n\n.deb packages are available on the [releases\npage](https://github.com/replit/upm/releases).\n\n### RPM-based Linux\n\n.rpm packages are available on the [releases\npage](https://github.com/replit/upm/releases).\n\n### Arch Linux\n\nSoon to be available on the [Arch User\nRepository](https://aur.archlinux.org/). Right now, you can clone this\nrepository and install with `makepkg` using the PKGBUILD in\n[`packaging/aur`](packaging/aur).\n\n### Windows\n\nAvailable on [Scoop](https://scoop.sh/) in the [main\nbucket](https://github.com/ScoopInstaller/Main/blob/master/bucket/upm.json).\n\n $ scoop install upm\n\n### Snappy\n\nSoon to be available on the [Snap Store](https://snapcraft.io/store).\nRight now, .snap packages are available on the [releases\npage](https://github.com/replit/upm/releases).\n\n### Docker\n\nYou can try out UPM right away in a Docker image based on Ubuntu that\nhas all the supported languages and package managers already\ninstalled.\n\n $ docker run -it --rm replco/upm\n\nAdditional tags are also available. `replco/upm:full` is the same as\nthe above, while `replco/upm:light` just has the UPM binary installed\nto `/usr/local/bin` and none of the languages or package managers\ninstalled. If you want to run a specific tagged release, rather than\nthe latest development snapshot, use e.g. `replco/upm:1.0`,\n`replco/upm:1.0-full`, or `replco/upm:1.0-light`.\n\n## Quick start\n\nLet's create a new Python project:\n\n $ mkdir ~/python\n $ cd ~/python\n\nWe'll start by adding Flask as a dependency. UPM will handle setting\nup the project for us:\n\n $ upm -l python add flask\n --\u003e python3 -m poetry init --no-interaction\n\n This command will guide you through creating your pyproject.toml config.\n\n\n --\u003e python3 -m poetry add flask\n Creating virtualenv python-py3.7 in /root/.cache/pypoetry/virtualenvs\n Using version ^1.1 for flask\n\n Updating dependencies\n Resolving dependencies... (0.6s)\n\n Writing lock file\n\n\n Package operations: 6 installs, 0 updates, 0 removals\n\n - Installing markupsafe (1.1.1)\n - Installing click (7.0)\n - Installing itsdangerous (1.1.0)\n - Installing jinja2 (2.10.1)\n - Installing werkzeug (0.15.4)\n - Installing flask (1.1.1)\n\nUPM operates on a *specfile* and *lockfile* for each project. The\nspecfile says what your project's dependencies are in a human-readable\nformat, while the lockfile specifies exact versions for everything,\nincluding transitive dependencies. For Python, the specfile is\n`pyproject.toml` and the lockfile is `poetry.lock`:\n\n $ ls\n poetry.lock pyproject.toml\n\nWe don't have to read them ourselves, because UPM can handle that.\nNotice that UPM is now aware that our project uses Python, because of\nthe files that were created:\n\n $ upm list\n name spec\n ----- ----\n flask ^1.1\n\n $ upm list -a\n name version\n ------------ -------\n click 7.0\n flask 1.1.1\n itsdangerous 1.1.0\n jinja2 2.10.1\n markupsafe 1.1.1\n werkzeug 0.15.4\n\nLet's search for another dependency to add:\n\n $ upm search nose\n --\u003e python3 -c '\u003csecret sauce\u003e' nose\n Name Description Version\n ----------------- ---------------------------------------------------------------------- -------\n nose nose extends unittest to make testing easier 1.3.7\n nose-detecthttp A nose plugin to detect tests making http calls. 1.1.0\n nose-picker nose plugin that picks a subset of your unit tests 0.5.5\n nose-progressive A testrunner with a progress bar and smarter tracebacks 1.5.2\n nose-unittest UNKNOWN 0.1.1\n nose-blockage Raise errors when communicating outside of tests 0.1.2\n nose-watcher A nose plugin to watch for changes within the local directory. 0.1.3\n nose-bisect A Nose plugin which allows bisection of test failures. 0.1.0\n nose-printlog Print log to console in nose tests 0.2.0\n nose-json A JSON report plugin for Nose. 0.2.4\n nose-faulthandler Nose plugin. Activates faulthandler module for test runs. 0.1\n nose-knows 0.2\n nose-pagerduty PagerDuty alert plugin for nose 0.2.0\n nose-logpertest Logging nose plugin to create log per test 0.0.1\n nose-bleed A progressive coverage plugin for Nose. 0.5.1\n nose-numpyseterr Nose plugin to set how floating-point errors are handled by numpy 0.1\n nose-skipreq nose plugin that will skip Google API RequestError exceptions. 2.0\n nose-selecttests Specify whitelist of keywords for tests to be run by nose 0.5\n nose-pacman A testrunner with a pacman progress bar 0.1.0\n nose-switch Add special switches in code, based on options set when running tests. 0.1.5\n\nWe can get more information about a package like this:\n\n $ upm info nose\n --\u003e python3 -c '\u003csecret sauce\u003e' nose\n Name: nose\n Description: nose extends unittest to make testing easier\n Version: 1.3.7\n Homepage: http://readthedocs.org/docs/nose/\n Author: Jason Pellerin \u003cjpellerin+nose@gmail.com\u003e\n License: GNU LGPL\n\nFor piping into other programs, the `search` and `info` commands can\nalso output JSON:\n\n $ upm info nose --format=json | jq\n --\u003e python3 -c '\u003csecret sauce\u003e' nose\n {\n \"name\": \"nose\",\n \"description\": \"nose extends unittest to make testing easier\",\n \"version\": \"1.3.7\",\n \"homepageURL\": \"http://readthedocs.org/docs/nose/\",\n \"author\": \"Jason Pellerin \u003cjpellerin+nose@gmail.com\u003e\",\n \"license\": \"GNU LGPL\"\n }\n\nUPM can also look at your project's source code and guess what\npackages need to be installed. We use this on Repl.it to help\ndevelopers get started faster. To see it in action, we'll need some\nsource code:\n\n $ git clone https://github.com/replit/play.git ~/play\n $ cd ~/play\n $ upm add --guess\n --\u003e python3 -c '\u003csecret sauce\u003e' '\u003csecret sauce\u003e'\n --\u003e python3 -m poetry init --no-interaction\n\n This command will guide you through creating your pyproject.toml config.\n\n\n --\u003e python3 -m poetry add pygame pymunk setuptools\n Creating virtualenv play-py3.7 in /root/.cache/pypoetry/virtualenvs\n Using version ^1.9 for pygame\n Using version ^5.5 for pymunk\n Using version ^41.0 for setuptools\n\n Updating dependencies\n Resolving dependencies... (1.4s)\n\n Writing lock file\n\n\n Package operations: 4 installs, 0 updates, 0 removals\n\n - Installing pycparser (2.19)\n - Installing cffi (1.12.3)\n - Installing pygame (1.9.6)\n - Installing pymunk (5.5.0)\n\nYou can also just get the list of guessed dependencies, if you want.\nThe `-a` flag lists all guessed dependencies, even the ones already\nadded to the specfile:\n\n $ upm guess -a\n pygame\n pymunk\n setuptools\n\nAll of this might seem a bit too simple to justify a new tool, but the\nreal power of UPM is that it works exactly the same for every\nprogramming language:\n\n $ upm -l nodejs info express\n Name: express\n Description: Fast, unopinionated, minimalist web framework\n Version: 4.17.1\n Homepage: http://expressjs.com/\n Source code: git+https://github.com/expressjs/express.git\n Bug tracker: https://github.com/expressjs/express/issues\n Author: TJ Holowaychuk \u003ctj@vision-media.ca\u003e\n License: MIT\n\n $ upm -l ruby info jekyll\n --\u003e ruby -e '\u003csecret sauce\u003e' jekyll\n Name: jekyll\n Description: Jekyll is a simple, blog aware, static site generator.\n Version: 3.8.6\n Homepage: https://github.com/jekyll/jekyll\n Documentation: http://jekyllrb.com\n Source code: https://github.com/jekyll/jekyll\n Bug tracker: https://github.com/jekyll/jekyll/issues\n Author: Tom Preston-Werner\n License: MIT\n Dependencies: addressable, colorator, em-websocket, i18n, jekyll-sass-converter, jekyll-watch, kramdown, liquid, mercenary, pathutil, rouge, safe_yaml\n\n $ upm -l elisp info elnode\n --\u003e emacs -Q --batch --eval '\u003csecret sauce\u003e' /tmp/elpa552971126 info elnode\n Name: elnode\n Description: The Emacs webserver.\n Version: 20190702.1509\n Dependencies: web, dash, noflet, s, creole, fakir, db, kv\n\nThat includes adding and removing packages, listing the specfile and\nlockfile, searching package indices, and guessing project\ndependencies. UPM knows all the best practices for each language so\nthat you don't have to!\n\n## Usage\n\nExplore the command-line interface at your leisure:\n\n $ upm --help\n Usage:\n upm [command]\n\n Available Commands:\n which-language Query language autodetection\n list-languages List supported languages\n search Search for packages online\n info Show package information from online registry\n add Add packages to the specfile\n remove Remove packages from the specfile\n lock Generate the lockfile from the specfile\n install Install packages from the lockfile\n list List packages from the specfile (or lockfile)\n guess Guess what packages are needed by your project\n show-specfile Print the filename of the specfile\n show-lockfile Print the filename of the lockfile\n show-package-dir Print the directory where packages are installed\n help Help about any command\n\n Flags:\n -h, --help display command-line usage\n --ignored-packages strings packages to ignore when guessing (comma-separated)\n -l, --lang string specify project language(s) manually\n -q, --quiet don't show what commands are being run\n -v, --version display command version\n\n Use \"upm [command] --help\" for more information about a command.\n\nHere are useful things to know that aren't obvious:\n\n* **Language detection:** Your project's language is autodetected by\n the files in the current directory. This can be overridden either\n partially or completely by specifying a value for the `-l` option.\n You can see the available languages by running `upm list-languages`.\n In addition to a full language (e.g. `python3-poetry`), you\n can specify something simpler (e.g. `python`, `python3`,\n `poetry`, `python-poetry`). In that case, UPM will examine all of\n the matching languages and pick whichever one it thinks is best. You\n can experiment with this logic by providing the `-l` option to `upm\n which-language`.\n* **Information flow:** Conceptually, information about packages flows\n one way in UPM: add/remove -\u003e specfile -\u003e lockfile -\u003e installed\n packages. You run `upm add` and `upm remove`, which modifies the\n specfile, and then the lockfile is automatically generated from the\n specfile, and then packages are automatically installed or\n uninstalled according to the lockfile. Just running `upm add` or\n `upm remove` will automatically perform all of these steps. Skipping\n steps is unfortunately not supported, because few package managers\n support that. You can however run only later steps in the pipeline\n by means of the `upm lock` and `upm install` commands.\n* **Caching:** UPM maintains a simple JSON cache in the `.upm`\n subdirectory of your project, in order to improve performance. This\n is used to (1) skip generating the lockfile from the specfile if the\n specfile hasn't changed since last time; (2) skip reinstalling\n packages from the lockfile if the lockfile hasn't changed since last\n time; and (3) skip doing a full analysis of your code on `upm guess`\n if your imports haven't actually changed since last time (according\n to a quick regexp search). To reset the cache, you can delete that\n directory. However, this shouldn't be necessary very often, because\n you can use the `--force-lock` and `--force-install` options to `upm\n add`, `upm remove`, `upm lock`, and `upm install` (it is just\n `--force` for `upm install` due to lack of ambiguity) in order to\n ignore the cache for cases (1) and (2).\n\n### Environment variables respected\n\n* `UPM_PROJECT`: path to top-level directory containing project files.\n UPM uses this as its working directory. Defaults to the first parent\n directory containing a directory entry named `.upm` (like Git\n searches for `.git`), or the current directory if `.upm` is not\n found.\n* `UPM_PYTHON2`: if nonempty, use instead of `python2` when invoking\n Python 2.\n* `UPM_PYTHON3`: if nonempty, use instead of `python3` when invoking\n Python 3.\n* `UPM_SILENCE_SUBROUTINES`: if nonempty, then enable `-q` when\n running commands that are not directly related to the operation the\n user requested (e.g. if running `upm add`, enable `-q` when reading\n the specfile to check which packages are already added).\n* `UPM_STORE`: path of file used to store the JSON cache file,\n relative or absolute. Defaults to `.upm/store.json`.\n\n## Dependencies\n\nUPM itself has no dependencies. It is a single statically-linked\nbinary. However, if you wish to actually use it to manage packages for\na language, then the relevant language package manager needs to be\ninstalled, as follows:\n\n* `python-python3-poetry`/`python-python2-poetry`\n * [Python 2/3](https://www.python.org/)\n * [Pip](https://pip.pypa.io/en/stable/) for appropriate version(s)\n of Python\n * [Poetry](https://poetry.eustace.io/) for appropriate version(s) of\n Python\n* `nodejs-yarn`\n * [Node.js](https://nodejs.org/en/)\n * [Yarn](https://yarnpkg.com/en/) for Yarn backend\n * [NPM](https://www.npmjs.com/get-npm) for NPM backend\n* `nodejs-pnpm`\n * [Node.js](https://nodejs.org/en/)\n * [PNPM](https://pnpm.io/) for PNPM backend\n * [NPM](https://www.npmjs.com/get-npm) for NPM backend\n* `ruby-bundler`\n * [Ruby](https://www.ruby-lang.org/en/)\n * [Bundler](https://bundler.io/)\n * [json](https://ruby-doc.org/stdlib/libdoc/json/rdoc/JSON.html)\n* `elisp-cask`\n * [Emacs](https://www.gnu.org/software/emacs/)\n * [Cask](https://github.com/cask/cask)\n * [curl](https://curl.haxx.se/) (for `search` and `info`)\n * [SQLite](https://www.sqlite.org/index.html) (for `guess`)\n\nAll of these dependencies are already installed in the\n`replco/upm:full` Docker image.\n\n## Contributing\n\n $ make help\n usage:\n make upm Build the UPM binary\n make dev Run a shell with UPM source code and all package managers inside Docker\n make light Build a Docker image with just the UPM binary\n make full Build a Docker image with the UPM binary and all package managers\n make doc Open Godoc in web browser\n make deploy Publish UPM snapshot Docker images to Docker Hub\n make pkgbuild Update and test PKGBUILD\n make clean Remove build artifacts\n make help Show this message\n\nTo build UPM, run `make upm` (or just `make`), the built\nbinary can be found in `./cmd/upm/upm`. To remove build\nartifacts, run `make clean`.\n\n### Using Replit (simplest)\n\nYou can develop UPM on Replit. Simply click on [this](https://replit.com/new/github/replit/upm)\nlink and the repo will start cloning into a Repl.\n\nOnce you're in your new Repl, you can hit run\nto build a new binary (or `make` in shell). You can create\na test folder and use the binary and test your changes.\nFor example say you made a change to the `nodejs-npm` language\nand want to test it, you would hit run and do the following:\n\n $ mkdir testnpm\n $ cd testnpm\n $ npm init -y\n $ ../cmd/upm/upm add left-pad -l nodejs-npm\n\n\n### Using Docker\n\nYou can use [Docker](https://www.docker.com/) to avoid needing to\ninstall the package managers that UPM drives. To do this, run `make\ndev`. This will build an image and launch a shell inside the container\nwith the UPM source directory on your computer synced with the\nfilesystem inside the container. The same Makefile targets are\navailable, and UPM is added to the `$PATH` automatically. You only\nneed to restart the shell if you edit the Dockerfile or the scripts\nused by the Dockerfile. Aliases available inside the shell:\n\n* `l`: `ls -lAhF`\n* `mt`: create temporary directory and cd to it (convenient for\n switching to a new \"project\" context)\n* `u`: build UPM binary if source code has been modified, then run\n with given arguments\n* `ub`: same as `u`, but force rebuilding binary (may be useful if you\n previously built outside the Docker container)\n\nTo build a Docker image which has only the UPM binary, for embedding\nin other images, run `make light`. The image will be tagged as\n`upm:light`. Alternatively, to build a Docker image which has the\nbinary and all the package managers, but not the UPM source code, run\n`make full`. The image will be tagged as `upm:full`. These two images\nare automatically built and deployed to [Docker\nHub](https://hub.docker.com/r/replco/upm) when a commit is merged to\n`master`.\n\nUPM does not currently have any tests; however, we plan to fix this.\n\n### Deployment\n\nWhenever a commit is merged to `master`, snapshot Docker images are\nbuilt and pushed to Docker Hub by CircleCI. Whenever a tagged release\n(e.g. `v1.0`) is pushed to GitHub, the following happens:\n\n* Release Docker images are tagged and pushed to Docker Hub.\n* The [changelog](CHANGELOG.md) is parsed and published as a GitHub\n Release with the following assets:\n * source code (.zip and .tar.gz)\n * binary (.tar.gz; darwin, freebsd, linux, and windows; 386 and\n amd64)\n * Debian package (.deb; 386 and amd64)\n * RPM package (.rpm; 386 and amd64)\n * Snappy package (.snap; 386 and amd64)\n * checksums (.txt)\n* The [Repl.it Homebrew tap](https://github.com/replit/homebrew-tap)\n is updated.\n* The [Repl.it Scoop bucket](https://github.com/replit/scoop-bucket)\n is updated.\n\nOnce you push a release and it passes CI, the following must be done\n**manually**:\n\n* Edit [`packaging/aur/PKGBUILD`](packaging/aur/PKGBUILD) with the new\n version and run `make pkgbuild` to update and test the AUR package.\n Then push a new commit. (Once we are allowed to publish to AUR, you\n should also push `packaging/aur` there.)\n\n\u003c!-- Local Variables: --\u003e\n\u003c!-- truncate-lines: t --\u003e\n\u003c!-- End: --\u003e\n","funding_links":[],"categories":["Go","others"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freplit%2Fupm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freplit%2Fupm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freplit%2Fupm/lists"}