Vanta
Every developer tool, one command.
Vanta installs, pins, and switches developer tools and language runtimes from a single binary — verified downloads, content-addressed storage, per-directory version switching, and source builds for tools that ship no prebuilt binaries.
Install
|
Or with cargo:
Use
What's in the registry
Prebuilt tools (full upstream version history where checksums allow): node, go, python, uv, ripgrep, fd, jq, terraform, gh, pnpm, deno, bun, kubectl, helm, just, fzf, yq, zoxide, bat, delta.
Source-build tools (compiled locally from checksum-verified source): ruby, git, lua, and the GNU set (grep, sed, gawk, wget, tar, findutils, diffutils, make).
Security
The official registry is fetched over HTTPS and verified against a compiled-in minisign root public key; every artifact is checksum-gated (fail-closed). Archive extraction is hardened against path traversal and decompression bombs. See SECURITY.md.
Links
- Repository: https://github.com/squaretick/vanta
- CLI reference:
docs/04-cli.md - License: Apache-2.0