Top 23 Package Management Open-Source Projects

1. Homebrew-cask

   1 59 22,060 10.0 Ruby

   🍻 A CLI workflow for the administration of macOS applications distributed as binaries

   

   Project mention: Ask HN: Can you uninstall Notion from macOS? | news.ycombinator.com | 2025-10-02

   One technique I occasionally have to use is to look at the “zap” stanza of an app’s homebrew cask formula:

   https://github.com/Homebrew/homebrew-cask/blob/f44500902e420...

   Based on the “notion-updater” I’m guessing there’s also a launchagent/launchdaemon that is “updating” (read: reinstalling) it whenever you manually delete it.

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. renovate

   2 135 21,687 10.0 TypeScript

   Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

   

   Project mention: How to give GitHub Copilot cross-repo context today | dev.to | 2026-06-08

   What surprised me, going through the tooling landscape for this post, is that nothing else in the stack answers the question either. Renovate understands dependency manifests more deeply than almost any tool in existence, one repository at a time. Asked directly whether cross-repository dependency detection was planned, a maintainer's answer this May was unambiguous: "Renovate only operates on a per-repository basis", with no plans to change. Dependabot has the same shape. The tools that read your manifests every single day read them one repo at a time, and then forget what they saw.

4. CocoaPods

   3 59 14,825 2.2 Ruby

   The Cocoa Dependency Manager.

   

   Project mention: The CocoaPods Sunset: What Dec 2, 2026 Means for Your React Native App | dev.to | 2026-05-02

   Governance: While it is an open-source project hosted on GitHub, it operates through a centralized registry called the CocoaPods Trunk.

5. fpm

   4 38 11,479 8.5 Ruby

   Effing package management! Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.

   

6. Chocolatey

   5 401 11,405 9.2 C#

   Chocolatey - the package manager for Windows

   

   Project mention: The Ultimate Guide to a Smooth Dev Environment | dev.to | 2026-04-09

   Package managers like Chocolatey (Windows), APT (Linux), and Homebrew simplify software installation and management. They keep your tools up-to-date and reduce dependency conflicts.

7. patch-package

   6 69 11,197 3.8 TypeScript

   Fix broken node modules instantly 🏃🏽‍♀️💨

   

   Project mention: Upcoming breaking changes for NPM v12 | news.ycombinator.com | 2026-06-09

   Absolutely not, there are plenty of use-cases for them. https://www.npmjs.com/package/patch-package comes to mind off the top of my head.

   Hopefully current hysteria will not result in some bs decisions like this.

8. pip

   7 129 10,191 9.8 Python

   The Python package installer

   

   Project mention: Open Source Security at Astral | news.ycombinator.com | 2026-04-08

   > pip allows it but it's with a timestamp

   A PR to be able to use a relative timestamp in pip was merged just last week

   https://github.com/pypa/pip/pull/13837/commits

9. PDM

   8 50 8,641 9.1 Python

   A modern Python package and dependency manager supporting the latest PEP standards

   

10. glide

    9 2 8,103 0.0 Go

    Package Management for Golang (by Masterminds)

    

11. pip-tools

    10 64 8,004 9.4 Python

    A set of tools to keep your pinned Python dependencies fresh.

    

    Project mention: Postmortem: AI Incident Classifier Failed Due to Biased Training Data and Scikit-Learn 1.5 | dev.to | 2026-05-05

    Use dependency pinning tools like Poetry (https://github.com/python-poetry/poetry) or pip-tools (https://github.com/jazzband/pip-tools) to lock all transitive dependencies, not just top-level ones. Before upgrading any ML library, audit the release notes for breaking changes to default parameters: Scikit-Learn maintains a detailed changelog at https://scikit-learn.org/stable/whats\_new.html. For critical pipelines, add a pre-commit hook that checks for unpinned dependencies or unrecognized default parameters. We reduced our dependency-related incidents by 92% after implementing this practice.

12. conda

    11 32 7,427 9.8 Python

    A system-level, binary package and environment manager running on all major operating systems and platforms.

    

13. pixi

    12 21 7,273 9.8 Rust

    Powerful system-level package manager for Linux, macOS and Windows written in Rust – building on top of the Conda ecosystem.

    

    Project mention: Thoughts on OpenAI acquiring Astral and uv/ruff/ty | news.ycombinator.com | 2026-03-22

    +1 for Conda. I also have to mention pixi (https://github.com/prefix-dev/pixi) which kinda is a uv for the Conda ecosystem. Highly recommend!

14. topgrade

    13 33 4,153 9.7 Rust

    Upgrade all the things

    

    Project mention: Toward a more POSIX-Friendly PowerShell experience | dev.to | 2026-05-18

    topgrade – All-in-one package updater. Works with choco, scoop, winget, and more.

15. luarocks

    14 15 3,697 7.8 Lua

    LuaRocks is the package manager for the Lua programming language.

    

    Project mention: Congratulations on creating the one billionth repository on GitHub | news.ycombinator.com | 2025-06-11

    A couple weeks ago there was some Lua community issues because LuaRocks surpassed 65,535 packages.

    There was a conflict between this and the LuaRocks implementation under LuaJIT [1] [2], inflicting pain on a narrow set of users as their CI/CD pipelines and personal workflows failed.

    It was resolved pretty quick, but interesting!

    [1] https://github.com/luarocks/luarocks/issues/1797

    [2] https://github.com/openresty/docker-openresty/issues/276

16. BaGet

    15 8 2,780 0.0 C#

    A lightweight NuGet and symbol server

    

17. habitat

    16 4 2,743 9.9 Rust

    Modern applications with built-in automation

    

18. RubyGems

    17 27 2,430 9.8 Ruby

    The Ruby community's gem hosting service.

    

    Project mention: Contributing to RubyGems (.org) | dev.to | 2026-01-28

    I found https://github.com/rubygems/rubygems.org/issues/4294 from 2023. No one had fixed it, yet.

19. Paket

    18 10 2,084 8.5 F#

    A dependency manager for .NET with support for NuGet packages and Git repositories.

    

    Project mention: PYX: The next step in Python packaging | news.ycombinator.com | 2025-08-13

    The main NuGet was problematic for a long time e.g. not providing any control over transitive dependencies. You had to use https://fsprojects.github.io/Paket/ if you wanted safe and consistent resolution. NuGet since got their act together and it’s not as flawed now.

20. pypiserver

    19 3 2,038 6.5 Python

    Minimal PyPI server for uploading & downloading packages with pip/easy_install

    

21. safety

    20 7 1,982 8.5 Python

    Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

    

22. bpkg

    21 4 1,970 0.0 Shell

    Lightweight bash package manager

    

23. bioconda-recipes

    22 6 1,832 10.0 Shell

    Conda recipes for the bioconda channel.

    

24. NuGet

    23 5 1,630 9.5 C#

    NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.

    

Package Management related posts

• How to give GitHub Copilot cross-repo context today

  1 project | dev.to | 8 Jun 2026

• Renovate & Dependabot: The New Malware Delivery System

  2 projects | dev.to | 29 May 2026

• The CocoaPods Sunset: What Dec 2, 2026 Means for Your React Native App

  1 project | dev.to | 2 May 2026

• Postmortem: HashiCorp Vault 1.16 Secret Rotation Failure Caused 4-Hour Outage for Payment Services

  2 projects | dev.to | 28 Apr 2026

• Open Source Security at Astral

  6 projects | news.ycombinator.com | 8 Apr 2026

• Thoughts on OpenAI acquiring Astral and uv/ruff/ty

  1 project | news.ycombinator.com | 22 Mar 2026

• Feedback wanted: monorepos, getting started and "week 1" problems, complexity

  1 project | news.ycombinator.com | 24 Feb 2026
• A note from our sponsor - SaaSHub
  www.saashub.com | 10 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com