Package Managers Comparison Cheat Sheet
Side-by-side reference comparing common OS and language package managers, their install/update/remove syntax, and key configuration files.
2 PagesIntermediateFeb 10, 2026
Linux OS Package Managers
Core commands for apt (Debian/Ubuntu), dnf (Fedora/RHEL), and pacman (Arch).
bash
# apt (Debian/Ubuntu)sudo apt update # Refresh package indexsudo apt install nginx # Install packagesudo apt remove nginx # Remove, keep configssudo apt purge nginx # Remove including configssudo apt upgrade # Upgrade all packages# dnf (Fedora/RHEL/CentOS Stream)sudo dnf install nginxsudo dnf remove nginxsudo dnf upgrade --refreshsudo dnf list installed# pacman (Arch Linux)sudo pacman -Syu # Sync + full system upgradesudo pacman -S nginx # Installsudo pacman -R nginx # Removesudo pacman -Rns nginx # Remove + unused deps + configs
Language Package Managers
Common install/add/remove commands for npm, pip, and cargo.
bash
# npm (Node.js)npm install express # Install + save to dependenciesnpm install -D typescript # Save as devDependencynpm uninstall expressnpm ci # Clean install from package-lock.json# pip (Python)pip install requestspip install -r requirements.txtpip freeze > requirements.txt # Snapshot installed versionspip uninstall requests# cargo (Rust)cargo add serde # Add dependency to Cargo.tomlcargo build --releasecargo remove serde
Manifest & Lock Files
Where each manager stores dependency declarations and resolved versions.
- package.json / package-lock.json- npm's declared deps and exact resolved dependency tree
- requirements.txt / Pipfile.lock- pip's flat list, or Pipenv's locked resolution
- pyproject.toml / poetry.lock- Modern Python packaging metadata and Poetry's locked graph
- Cargo.toml / Cargo.lock- Rust crate manifest and pinned dependency versions
- go.mod / go.sum- Go module requirements and cryptographic checksums
- Gemfile / Gemfile.lock- Ruby Bundler's declared and resolved gem versions
- *.deb / *.rpm- Compiled Linux binary package formats used by apt/dpkg and dnf/rpm respectively
Semantic Versioning Ranges
How different ecosystems express acceptable version ranges.
- ^1.2.3 (npm)- Allow changes that don't modify the leftmost non-zero digit (up to <2.0.0)
- ~1.2.3 (npm)- Allow only patch-level changes (up to <1.3.0)
- >=1.2,<2.0 (pip)- Explicit inclusive/exclusive bounds in PEP 440 syntax
- 1.2.* (pip)- Wildcard match for any patch version within 1.2
- "1.2.3" (cargo default)- Cargo treats bare versions as caret requirements by default (^1.2.3)
- =1.2.3- Pin to an exact version, supported across npm, pip, and cargo
Pro Tip
Always commit lock files (package-lock.json, poetry.lock, Cargo.lock) to version control — they guarantee reproducible installs across machines and CI, while manifest files alone only express intent, not resolution.
Was this cheat sheet helpful?
Explore Topics
#PackageManagersComparison#PackageManagersComparisonCheatSheet#DevOps#Intermediate#LinuxOSPackageManagers#LanguagePackageManagers#ManifestLockFiles#SemanticVersioningRanges#CheatSheet#SkillVeris