100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

Package Managers Comparison Cheat Sheet

Package Managers Comparison Cheat Sheet

Side-by-side reference comparing common OS and language package managers, their install/update/remove syntax, and key configuration files.

2 PagesIntermediateFeb 10, 2026

Linux OS Package Managers

Core commands for apt (Debian/Ubuntu), dnf (Fedora/RHEL), and pacman (Arch).

bash
# apt (Debian/Ubuntu)sudo apt update                 # Refresh package indexsudo apt install nginx          # Install packagesudo apt remove nginx           # Remove, keep configssudo apt purge nginx            # Remove including configssudo apt upgrade                # Upgrade all packages# dnf (Fedora/RHEL/CentOS Stream)sudo dnf install nginxsudo dnf remove nginxsudo dnf upgrade --refreshsudo dnf list installed# pacman (Arch Linux)sudo pacman -Syu                # Sync + full system upgradesudo pacman -S nginx            # Installsudo pacman -R nginx            # Removesudo pacman -Rns nginx          # Remove + unused deps + configs

Language Package Managers

Common install/add/remove commands for npm, pip, and cargo.

bash
# npm (Node.js)npm install express             # Install + save to dependenciesnpm install -D typescript       # Save as devDependencynpm uninstall expressnpm ci                          # Clean install from package-lock.json# pip (Python)pip install requestspip install -r requirements.txtpip freeze > requirements.txt   # Snapshot installed versionspip uninstall requests# cargo (Rust)cargo add serde                 # Add dependency to Cargo.tomlcargo build --releasecargo remove serde

Manifest & Lock Files

Where each manager stores dependency declarations and resolved versions.

  • package.json / package-lock.json- npm's declared deps and exact resolved dependency tree
  • requirements.txt / Pipfile.lock- pip's flat list, or Pipenv's locked resolution
  • pyproject.toml / poetry.lock- Modern Python packaging metadata and Poetry's locked graph
  • Cargo.toml / Cargo.lock- Rust crate manifest and pinned dependency versions
  • go.mod / go.sum- Go module requirements and cryptographic checksums
  • Gemfile / Gemfile.lock- Ruby Bundler's declared and resolved gem versions
  • *.deb / *.rpm- Compiled Linux binary package formats used by apt/dpkg and dnf/rpm respectively

Semantic Versioning Ranges

How different ecosystems express acceptable version ranges.

  • ^1.2.3 (npm)- Allow changes that don't modify the leftmost non-zero digit (up to <2.0.0)
  • ~1.2.3 (npm)- Allow only patch-level changes (up to <1.3.0)
  • >=1.2,<2.0 (pip)- Explicit inclusive/exclusive bounds in PEP 440 syntax
  • 1.2.* (pip)- Wildcard match for any patch version within 1.2
  • "1.2.3" (cargo default)- Cargo treats bare versions as caret requirements by default (^1.2.3)
  • =1.2.3- Pin to an exact version, supported across npm, pip, and cargo
Pro Tip

Always commit lock files (package-lock.json, poetry.lock, Cargo.lock) to version control — they guarantee reproducible installs across machines and CI, while manifest files alone only express intent, not resolution.

Was this cheat sheet helpful?

Explore Topics

#PackageManagersComparison#PackageManagersComparisonCheatSheet#DevOps#Intermediate#LinuxOSPackageManagers#LanguagePackageManagers#ManifestLockFiles#SemanticVersioningRanges#CheatSheet#SkillVeris