Back when I was a C++ developer in the late 2000s, I didn’t use open source. The only external libraries I used were some proprietary libraries and we only released our software about once a quarter.
This is not how we build software today:
- open source is now in every project; and
- modern software embraces continuous releases and DevOps practices.
To navigate the complexities of versioning and dependency management, and to easily consume open source software, a software artifact manager, also known as a package manager, is indispensable.
The adoption of package managers in C and C++ projects is on the rise. However, a recent ISO C++ survey underscores that considerable progress is still needed before package managers can outpace traditional approaches like copying and pasting code or downloading prebuilt binaries.
Let's talk today about:
- How C and C++ projects consume external libraries without a package manager.
- The benefits of a package manager.
- The most popular C and C++ package managers: Conan and vcpkg.
Life without a package manager
The lack of a standardized package manager results in various methods for consuming external libraries. For instance:
- Using CMake, where developers can consume open source libraries with the ExternalProject_Add or FetchContent commands.
- Copying and pasting source code.
- Directly downloading prebuilt binaries.
- Compiling the libraries separately using their instructions.
- Using system package managers like yum, rpm, apt, or Homebrew.
This absence of a standardized package manager in the C++ ecosystem can lead to several challenges and issues:
- Manual Dependency Tracking: Developers often resort to manual tracking of dependencies, which is prone to human error and leads to potential oversights, version conflicts, and security vulnerabilities.
- Versioning Challenges: Managing different versions of libraries and ensuring compatibility across projects becomes a complex, time-consuming, and error-prone task.
- Security Concerns: Identifying and addressing security vulnerabilities in dependencies requires manual effort, leaving projects susceptible to risks.
- Reduced Collaboration: The lack of a package manager makes it harder to share and reuse code.
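As an added illustration (not code from the original post), the following Python script inventories the dependencies a CMakeLists.txt pulls in through FetchContent_Declare or ExternalProject_Add and flags any that are not pinned to a full commit hash or a URL_HASH, automating part of the manual tracking described above. The sample CMake text, host names, and hash values are constructed, and the `audit` function name is hypothetical.

```python
import re

FAKE_SHA256 = "ab" * 32  # constructed value, not a real digest
FAKE_COMMIT = "0123456789abcdef0123456789abcdef01234567"  # constructed

# Constructed sample CMakeLists.txt content (assumption, not from the post).
SAMPLE_CMAKE = f"""
include(FetchContent)
FetchContent_Declare(fmt
  GIT_REPOSITORY https://example.invalid/fmt.git
  GIT_TAG        main)            # branch name: moves over time
FetchContent_Declare(json
  GIT_REPOSITORY https://example.invalid/json.git
  GIT_TAG        {FAKE_COMMIT})
ExternalProject_Add(zlib
  URL      https://example.invalid/zlib.tar.gz)   # no URL_HASH
externalproject_add(png
  URL      https://example.invalid/png.tar.gz
  URL_HASH SHA256={FAKE_SHA256})
"""

# CMake command names are case-insensitive. Simplification: arguments that
# themselves contain parentheses are not handled.
CALL = re.compile(r"\b(FetchContent_Declare|ExternalProject_Add)\s*\(([^)]*)\)", re.I)
KEYS = {"GIT_REPOSITORY", "GIT_TAG", "URL", "URL_HASH"}

def audit(cmake_text):
    """Return [(name, source, 'pinned' or reason)] for each declared dependency."""
    text = re.sub(r"#.*", "", cmake_text)  # drop line comments (simplified)
    findings = []
    for _cmd, body in CALL.findall(text):
        tokens = body.split()
        if not tokens:
            continue
        name = tokens[0]
        # Pair each known keyword with the token that follows it.
        opts = {k: v for k, v in zip(tokens[1:], tokens[2:]) if k in KEYS}
        if "GIT_REPOSITORY" in opts:
            src = opts["GIT_REPOSITORY"]
            ok = re.fullmatch(r"[0-9a-fA-F]{40}", opts.get("GIT_TAG", ""))
            status = "pinned" if ok else "GIT_TAG is not a full commit hash"
        elif "URL" in opts:
            src = opts["URL"]
            ok = re.fullmatch(r"\w+=[0-9a-fA-F]+", opts.get("URL_HASH", ""))
            status = "pinned" if ok else "URL without URL_HASH"
        else:
            src, status = "?", "no recognised source"
        findings.append((name, src, status))
    return findings

if __name__ == "__main__":
    for name, src, status in audit(SAMPLE_CMAKE):
        print(f"{name:6} {status:36} {src}")
```

Branch and tag names can be moved to different commits after the fact, which is why only a full commit hash or a content hash counts as pinned here.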
The benefits of a C++ package manager
- Efficient Dependency Tracking: Package managers automate the process of tracking and resolving dependencies, reducing the risk of using outdated or vulnerable components.
- Version Control and Compatibility: Centralized package management ensures version consistency across projects, mitigating versioning conflicts and enhancing compatibility.
- Automated Security Auditing: Many package managers come equipped with tools for automated security auditing, enabling developers to identify and address vulnerabilities proactively.
- Enhanced Collaboration: Package managers provide a standardized way to share and reproduce development environments, fostering collaboration and streamlining workflows.
Existing C++ Package Managers
In the C++ community, there are presently two front-runners for package management: Conan and vcpkg.
These open source tools feature an active community of contributors and a healthy package registry, simplifying the process of managing, consuming, and distributing C and C++ libraries.
Let's have a look at them here:
Conan is an open source project that started in 2016 and aimed to empower C and C++ teams to adopt DevOps practices. Conan is a package manager for C and C++ programming languages that works on all platforms and with all build systems and compilers. You can consume over 1500 packages from the Conan central registry.
Developed by Microsoft, vcpkg is an open source package manager for C and C++ libraries on Windows, Linux, and macOS. It provides precompiled binaries to simplify the installation of dependencies. You can browse over 2000 packages in vcpkg's package registry.
Both Conan and vcpkg are great additions to the developer toolkit for consuming external libraries.
Elevate Your Workflow
In the world of C and C++ development, using package managers is now essential. Ready to upgrade your workflow? Get your public and private Conan repository hosting at Cloudsmith now, or explore our documentation for more details on our Conan support.