Automic VaultAutomic Vault

brew

vcpkg mit Homebrew, dnf, Nix, pacman, scoop installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für vcpkg in AI-Agent-Workflows.

Installation

Weitere Installationsbefehle

macOS

Homebrewverifiziert · 100%
brew install vcpkg

local Homebrew formula metadata

Linux

Fedora dnfverifiziert · 92%
sudo dnf install vcpkg

Fedora Rawhide package metadata · vcpkg · Quelle: dl.fedoraproject.org

Nixverifiziert · 92%
nix profile install nixpkgs#vcpkg

nixpkgs package indexes · pkgs/by-name/vc/vcpkg/package.nix · Quelle: api.github.com

Arch Linux pacmanverifiziert · 92%
sudo pacman -S vcpkg

Arch Linux sync databases · vcpkg · Quelle: geo.mirror.pkgbuild.com

Windows

Scoopverifiziert · 92%
scoop install main/vcpkg

Scoop official bucket manifest trees · bucket/vcpkg.json · Quelle: api.github.com

Überblick

Paketzusammenfassung

C++ Library Manager

Befehle und Aliase

  • vcpkg

Verlauf

Projektgeschichte und Nutzung

vcpkg is Microsoft's open-source C and C++ package manager, built around a curated ports registry, a command-line tool, and integration points for native build systems. It began as a way to make Windows C++ library consumption less painful, then grew into a cross-platform workflow for Windows, macOS, Linux, and multiple target triplets.

The project matters because it brought package-manager ergonomics to an ecosystem that historically depended on handwritten build instructions, vendored source trees, system packages, or project-specific CMake glue. Its package-nerd identity is the combination of source-built ports, reproducible baselines, triplets, binary caching, and manifest files checked into application repositories.

Projektgeschichte

The public Microsoft/vcpkg repository was created on 2016-09-15, matching Microsoft's later description of the September 2022 release as vcpkg's sixth anniversary. Early vcpkg centered on a shared installed tree and simple commands for acquiring C++ libraries; the maintained registry became the main social and technical object, with contributors adding and updating port recipes.

By 2020, vcpkg's implementation was being separated into the Microsoft/vcpkg-tool repository, whose GitHub metadata describes it as the components of the vcpkg binary. That split reflects the project's maturation from a scripts-and-ports repository into a package manager with an independently released tool and a fast-moving registry.

Adoptionsgeschichte

Microsoft's C++ Team reported in October 2022 that vcpkg had passed 2,000 unique open-source libraries in its public registry, with over 10,000 available port versions, 95 contributors active during that release window, 4.8k forks, and 16.8k GitHub stars. On 2026-07-02, GitHub API metadata for Microsoft/vcpkg showed more than 27k stars and 7.6k forks, indicating continued adoption in the C++ tooling community.

The public vcpkg site describes a catalog of 2,849 open-source libraries, while Microsoft Learn material presents vcpkg as a free C/C++ package manager for acquiring and managing libraries and adding private libraries. The adoption story is therefore both public-registry growth and enterprise workflow growth: teams can pin baselines, use custom registries, and share binary caches in CI.

Wie es verwendet wird

Modern vcpkg use is usually manifest mode: projects commit a vcpkg.json file declaring direct dependencies and, when needed, a vcpkg-configuration.json file for registries and baselines. Microsoft Learn describes manifest mode as the recommended workflow for most users, while classic mode remains available for installing packages directly into a vcpkg tree.

Package users care about triplets because vcpkg packages are built for a target configuration rather than merely downloaded as opaque archives. CI-heavy users care about binary caching, which Microsoft documents as a way to persist vcpkg-built binaries across clean build agents, including GitHub Actions workflows.

Warum Paket-Nerds sich dafür interessieren

vcpkg is significant because it treats C++ package management as a build-recipe and ABI problem instead of only a download problem. Ports can encode source retrieval and build steps, triplets encode target choices, manifests encode project dependencies, and baselines make dependency versions reviewable in source control.

For package maintainers, vcpkg also became a visible catalog of C and C++ library portability work. A working port is not just a version number; it is evidence that a library can be fetched, patched if necessary, configured, built, and tested across at least one supported target.

Zeitleiste

  • 2016-09-15: The Microsoft/vcpkg GitHub repository was created.
  • 2020-12-08: The Microsoft/vcpkg-tool repository was created for the vcpkg binary components.
  • 2022-10-06: Microsoft marked vcpkg's sixth anniversary and reported more than 2,000 unique libraries in the public registry.
  • 2024: Microsoft Learn continued positioning manifest mode as the recommended workflow for most users.
  • 2026-07-02: GitHub API metadata showed Microsoft/vcpkg with more than 27k stars and active pushes on the same day.

Related projects

  • vcpkg is commonly compared with Conan, system package managers, language-specific package managers, and project-local vendoring. Its closest internal companion is vcpkg-tool, the repository for the compiled tool that works with the main ports registry.
  • In CMake projects, vcpkg is often used through its toolchain integration, so its practical ecosystem overlaps heavily with CMake, MSBuild, Visual Studio, GitHub Actions, NuGet-style binary caches, and private source registries.

Quellen

Sicherheitslage

Risikostufe: grün

library-like package without higher-risk signals.

Risikoklassifikator

grün Risiko · niedrig Konfidenz · appliance

Warum

  • library-like package without higher-risk signals

Signale

  • metadata:library-like

Installationsverhalten

  • In den Formelmetadaten ist kein Homebrew-Post-install-Hook erfasst.
  • Homebrew-Bottle-Metadaten sind für 6 Plattformziele verfügbar.
  • Installiert mit 2 Laufzeitabhängigkeiten.
  • Build-Metadaten listen 2 Build-Abhängigkeiten.

Empfohlene Prüfung

Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
vcpkg.jsonvcpkg-configuration.json

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
vcpkgcliglobales Executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-07-10
Manager-Version2026-05-27
Manager aktualisiert2026-06-01
lokale DatenOK
Upstreamnot checked
neueste erkannte Versionnicht erkannt

https://github.com/microsoft/vcpkg-tool

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:vcpkg
Version2026-05-27
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/vcpkg
Homepagehttps://github.com/microsoft/vcpkg
Repositoryhttps://github.com/microsoft/vcpkg
Upstream-Dokumentationhttps://learn.microsoft.com/en-us/vcpkg
LizenzMIT
Quellarchivhttps://github.com/microsoft/vcpkg-tool/archive/refs/tags/2026-05-27.tar.gz
Zuletzt aktualisiert2026-06-01T19:50:20Z
Pulseupdated
Abhängigkeitenfmt, ninja
Build-Abhängigkeitencmake, cmrc
Von macOS bereitgestellte Bibliothekencurl
Bottleverfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnicht definiert
Dienstkeiner deklariert
EinschränkungenThis formula provides only the `vcpkg` executable. To use vcpkg: git clone https://github.com/microsoft/vcpkg "$HOME/vcpkg" export VCPKG_ROOT="$HOME/vcpkg"

Registry-Fakten

Details aus der Quelldatenbank

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namevcpkg
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

Source-Datenbank-Treffer

Andere Paketmanager-Einträge

Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.

Nix95%

vcpkg

nix profile install nixpkgs#vcpkg
  • normalized package name match
  • Abgeglichen nach: Vcpkg
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/vc/vcpkg/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
dnf95%

vcpkg 2026.04.08-1.fc45

C++ Library Manager

https://github.com/microsoft/vcpkg-tool

sudo dnf install vcpkg
  • License: MIT
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: vcpkg
  • 11 Abhängigkeiten
  • 2 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Vcpkg
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: vcpkg from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

vcpkg 2026.05.27-1

C++ library manager

https://vcpkg.io

sudo pacman -S vcpkg
  • License: MIT
  • Architecture: x86_64
  • 10 Abhängigkeiten
  • normalized package name match
  • Abgeglichen nach: Vcpkg
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: vcpkg from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
Scoop95%

main/vcpkg

scoop install main/vcpkg
  • normalized package name match
  • Abgeglichen nach: Vcpkg
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/vcpkg.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment