# Vanta
**Every developer tool, one command.**
Vanta installs, pins, and switches developer tools and language runtimes from a
single binary — verified downloads, content-addressed storage, per-directory
version switching, and source builds for tools that ship no prebuilt binaries.
## Install
```sh
curl --proto '=https' --tlsv1.2 -fsSL \
Or with cargo:
```sh
cargo install vanta
```
## Use
```sh
vanta add node@24 # resolve + install (verified)
vanta add ruby@3.3.6 # source build (compiles from source)
vanta search '' # list the registry
vanta info go # show a tool's versions
eval "$(vanta activate zsh)" # per-directory version switching
```
## What's in the registry
Prebuilt tools (full upstream version history where checksums allow): node, go,
python, uv, ripgrep, fd, jq, terraform, gh, pnpm, deno, bun, kubectl, helm,
just, fzf, yq, zoxide, bat, delta.
Source-build tools (compiled locally from checksum-verified source): ruby, git,
lua, and the GNU set (grep, sed, gawk, wget, tar, findutils, diffutils, make).
## Security
The official registry is fetched over HTTPS and verified against a compiled-in
minisign **root public key**; every artifact is checksum-gated (fail-closed).
Archive extraction is hardened against path traversal and decompression bombs.
See [SECURITY.md](https://github.com/squaretick/vanta/blob/main/SECURITY.md).
## Links
- Repository: <https://github.com/squaretick/vanta>
- CLI reference: `docs/04-cli.md`
- License: Apache-2.0