Compare all of that to scoop which has a single version of packages, lol.
ROYAL TS VS WINSCP INSTALL
You can also install multiple versions at once via the -my switch after that command. For example, installing choco install python3 -version 3.7.5. It's basically better than scoop in EVERY way.Ĭhocolatey also lets you pin certain versions for certain packages, to never upgrade/downgrade them. And it cleanly upgrades or uninstalls packages as needed. It automatically makes an alias under C:\ProgramData\chocolatey\bin and only adds that folder to PATH so it does not pollute path. It automatically installs any dependencies for any package. So scoop has nothing for me.Īnd Chocolately cleanly installs all packages in C:\ProgramData\chocolatey, so for example if you choco install ripgrep it ends up in C:\ProgramData\chocolatey\lib\ripgrep\. Then again, I WANT machine-wide installs. Scoop's only nice benefit is that it installs packages in a local folder without doing a machine-wide install. Version management is a mess (there's only latest, nothing else). Unlike scoop (which reddit shills love to shill), a cute hobby project which basically has no quality/security control (it is all done via github pull requests), very slow package updates (due to the pull request nature (there are like 500 open pull requests for package updates)), everything could be installing malicious binaries. As you can see, it includes complete information about virus scan results, what the package does, moderation, version history, etc. Here is an example of the package page for Git on chocolatey.
ROYAL TS VS WINSCP SOFTWARE
So if you install software via Chocolatey you KNOW that it doesn't have ANY viruses. And package executables are checksummed to ensure the downloaded data matches the verified data. And lastly, all binaries that the packages install are sent to virustotal and rejected if they are flagged by any of the 70 antivirus engines.
ROYAL TS VS WINSCP UPDATE
Real humans moderate each update to look for and ensure there are no malicious lines of code added to any package install scripts. Correctness tools to ensure the software installs properly. The package installation scripts are run through analysis tools to check for malicious behavior. Turns out, Chocolatey has a massive process to ensure no fraud gets through: īasically boils down to: Every single update of every package is moderated. I was reading a bunch of FUD and lies on Reddit about how "insecure" it is because it requires admin privileges, and that it is "terrible" to allow package contributors (community patches) to submit code that runs as admin, and bla bla bla.