
Why Programmers Need a C++ Package Manager

Nov 17 2023/software artifact management/3 min read
Why C and C++ programmers should use a package manager
Discover the risks and drawbacks of developing and distributing software without the support of a C++ package manager.

Back when I was a C++ developer in the late 2000s, I didn’t use open source. The only external libraries I used were some proprietary libraries and we only released our software about once a quarter. 

This is not how we build software today: 

  • open source is now in every project; and 
  • modern software embraces continuous releases and DevOps practices. 

Meanwhile, C++ developers and DevOps Engineers look over the fence at Python, JavaScript and Rust and envy how easy it is for them to consume open source.

To navigate the complexities of versioning and dependency management, and to consume open source software easily, a software artifact manager, also known as a package manager, is indispensable.

The adoption of package managers in C and C++ projects is on the rise. However, a recent ISO C++ survey underscores that there is still considerable progress needed before package managers can outpace traditional approaches like copying and pasting code or downloading prebuilt binaries.

Let's talk today about:

  • How C and C++ projects consume external libraries without a package manager.
  • The benefits of a package manager.
  • The most popular C and C++ package managers: Conan and vcpkg.

Life without a package manager

Unlike languages such as Python, Java, or JavaScript, the C and C++ ecosystem has operated without the use of a standard package manager as part of its standard library or toolset. 

The lack of a standardized package manager results in various methods for consuming external libraries. For instance:

  • Using CMake's ExternalProject_Add or FetchContent commands to consume open source libraries.
  • Copying and pasting source code.
  • Directly downloading prebuilt binaries.
  • Compiling the libraries separately using their instructions.
  • Using system package managers like yum, rpm, apt, or Homebrew.

This absence of a standardized package manager in the C++ ecosystem can lead to several challenges and issues:

  • Manual Dependency Tracking: Developers often resort to manual tracking of dependencies, which is prone to human error and leads to potential oversights, version conflicts, and security vulnerabilities.
  • Versioning Challenges: Managing different versions of libraries and ensuring compatibility across projects becomes a complex, time-consuming, and error-prone task.
  • Security Concerns: Identifying and addressing security vulnerabilities in dependencies requires manual effort, leaving projects susceptible to risks.
  • Reduced Collaboration: The lack of a package manager makes it harder to share and reuse code.
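
The manual tracking described above can at least be made visible. The following Python script is an added example, not code from the original post: it inventories FetchContent_Declare and ExternalProject_Add calls in a CMake file and flags sources that are neither pinned to a full commit hash nor checked with URL_HASH. The sample CMake text, library names, URLs and hashes are constructed, and the matcher assumes no nested parentheses inside a call.

```python
import re

# Constructed CMakeLists.txt fragment; names, URLs and hashes are made up.
SAMPLE_CMAKE = """
include(FetchContent)
FetchContent_Declare(libalpha
  GIT_REPOSITORY https://example.com/libalpha.git
  GIT_TAG main)                       # branch name
FetchContent_Declare(libbeta
  GIT_REPOSITORY https://example.com/libbeta.git
  GIT_TAG 0123456789abcdef0123456789abcdef01234567)
ExternalProject_Add(libgamma
  URL https://example.com/libgamma-1.2.tar.gz)
ExternalProject_Add(libdelta
  URL "https://example.com/libdelta-2.0.tar.gz"
  URL_HASH SHA256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef)
"""

CALL_RE = re.compile(r"\b(?:FetchContent_Declare|ExternalProject_Add)\s*\(([^)]*)\)", re.I)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}", re.I)

def option(tokens, key):
    """Return the token that follows keyword `key`, or None if absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit(cmake_text):
    """Return (name, source, finding) per declared dependency (no nested parens)."""
    text = re.sub(r"(?m)\s#.*$", "", cmake_text)   # drop trailing line comments
    report = []
    for call in CALL_RE.finditer(text):
        tokens = [t.strip('"') for t in call.group(1).split()]
        if not tokens:
            continue
        repo, url = option(tokens, "GIT_REPOSITORY"), option(tokens, "URL")
        if repo:
            tag = option(tokens, "GIT_TAG")
            pinned = bool(tag and FULL_SHA_RE.fullmatch(tag))
            finding = "ok: pinned to a commit" if pinned else f"risk: GIT_TAG {tag or '(unset)'} can move"
        elif url:
            pinned = option(tokens, "URL_HASH") is not None
            finding = "ok: archive hash checked" if pinned else "risk: no URL_HASH"
        else:
            repo, finding = "unknown", "risk: source not recognised"
        report.append((tokens[0], repo or url, finding))
    return report

def unpinned(cmake_text):
    """Names of dependencies whose content can change without a visible diff."""
    return [name for name, _, finding in audit(cmake_text) if finding.startswith("risk")]
```

Calling `audit()` on the text of a real CMakeLists.txt gives a starting inventory for review; it does not see dependencies that were copied into the tree or downloaded by hand.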

The benefits of a C++ package manager

  • Efficient Dependency Tracking: Package managers automate the process of tracking and resolving dependencies, reducing the risk of using outdated or vulnerable components.
  • Version Control and Compatibility: Centralized package management ensures version consistency across projects, mitigating versioning conflicts and enhancing compatibility.
  • Automated Security Auditing: Many package managers come equipped with tools for automated security auditing, enabling developers to identify and address vulnerabilities proactively.
  • Enhanced Collaboration: Package managers provide a standardized way to share and reproduce development environments, fostering collaboration and streamlining workflows.

Existing C++ Package Managers

In the C++ community, there are presently two front-runners for package management: Conan and vcpkg. 

These open source tools feature an active community of contributors and a healthy package registry, simplifying the process of managing, consuming, and distributing C and C++ libraries.

Let's have a look at them here:

Conan

Conan is an open source project that started in 2016 and aimed to empower C and C++ teams to adopt DevOps practices. Conan is a package manager for C and C++ programming languages that works on all platforms and with all build systems and compilers. You can consume over 1500 packages from the Conan central registry.

vcpkg

Developed by Microsoft, vcpkg is an open source package manager for C and C++ libraries on Windows, Linux, and macOS. It provides precompiled binaries to simplify the installation of dependencies. You can browse over 2000 packages in vcpkg's package registry.

Both Conan and vcpkg are great additions to the developer toolkit for consuming external libraries.

Elevate Your Workflow

In the world of C and C++ development, using package managers is now essential. Ready to upgrade your workflow? Get your public and private Conan repository hosting at Cloudsmith now, or explore our documentation for more details on our Conan support.
