Skip to content

Kartikey2011yadav/fpm

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

92 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

   ███████╗██████╗ ███╗   ███╗
   ██╔════╝██╔══██╗████╗ ████║
   █████╗  ██████╔╝██╔████╔██║
   ██╔══╝  ██╔═══╝ ██║╚██╔╝██║
   ██║     ██║     ██║ ╚═╝ ██║
   ╚═╝     ╚═╝     ╚═╝     ╚═╝

Fast Package Manager for Python

The package manager that sees everything, breaks nothing, and forgets nothing.

CI Go License: MIT Platform

InstallQuick StartDocumentationWhy fpm?


A next-generation Python package manager that coexists with your existing tools. Written in Go for speed. Designed for teams who need reproducibility, safety, and visibility across their entire Python ecosystem.

curl -fsSL https://raw.githubusercontent.com/Kartikey2011yadav/fpm/main/install.sh | bash

Why fpm?

Problem pip/uv fpm
"What installed this package?" No idea Shows exact manager (pip/uv/conda/fpm)
"Roll back to yesterday's environment" Impossible fpm snapshot restore <id>
"Don't ever change numpy version" Can't enforce [immutable] pins in config
"10 projects use requests — 10 copies" Yes One copy, hardlinked everywhere
"pip broke my venv, conda disagrees" Debug for hours See all managers, detect conflicts

Key Features

Environment Snapshots (git for your packages)

fpm snapshot create "before experiment"   # capture state
fpm install torch transformers            # experiment
fpm snapshot diff 20260607-143000         # see what changed
fpm snapshot restore 20260607-143000      # instantly roll back

Cross-Manager Awareness

$ fpm list -a
Package    Version    Manager    Location
requests   2.31.0     fpm        .venv/lib/.../site-packages
numpy      1.24.0     pip        .venv/lib/.../site-packages
black      23.1.0     uv         .venv/lib/.../site-packages
scipy      1.10.0     conda      /opt/conda/lib/.../site-packages

$ fpm install numpy
  numpy 1.24.0 is already installed via pip — skipping download

Immutable Package Pinning

# fpm.toml — numpy can NEVER be changed from this version
[immutable]
packages = [{ name = "numpy", version = "1.24.0" }]
$ fpm install numpy==2.0.0
  error: cannot install numpy ==2.0.0: pinned as immutable at 1.24.0 in fpm.toml

Smart Dependency Management (like apt/pacman)

fpm tracks which packages you asked for vs which came as dependencies. Only you decide what stays:

$ fpm install -s flask            # flask = REQUESTED (protected)
                                  # jinja2, click, etc. = DEPENDENCY (removable)

$ fpm remove -sp flask            # removes flask + only its unused deps
                                  # keeps urllib3 if requests still needs it

$ fpm autoremove --system         # clean ALL orphaned deps
$ fpm mark --requested click      # protect click from autoremove
$ fpm tree --system               # visualize the full dependency graph

No other Python package manager tracks this. pip/uv leave orphans forever.

Zero-Duplication Storage

fpm stores every package once (content-addressable by SHA256) and links it into projects via reflink/hardlink. 10 projects using requests = one copy on disk.

Intelligent Error Messages

$ fpm install request
  error: Package "request" not found on PyPI

    hint: Did you mean "requests"?
          Run: fpm install requests

Install

# Interactive installer (recommended, verifies SHA256)
curl -fsSL https://raw.githubusercontent.com/Kartikey2011yadav/fpm/main/install.sh | bash

# Windows PowerShell
irm https://raw.githubusercontent.com/Kartikey2011yadav/fpm/main/install.ps1 | iex

# Other methods
pip install fpm-cli                                      # PyPI
brew install kartikeyyadav/tap/fpm                       # Homebrew
go install github.com/kartikeyyadav/fpm/cmd/fpm@latest   # Go
docker run ghcr.io/kartikey2011yadav/fpm --version       # Docker

Quick Start

fpm init myproject && cd myproject   # create project + venv
fpm install requests pandas          # install packages
fpm run python main.py               # run in managed env
fpm snapshot create "v1"             # save environment state
fpm list                             # see fpm packages
fpm list -a                          # see ALL packages (pip, conda, etc.)

No activation needed. fpm detects your project by directory — just cd into it. Unlike pip, you never need source .venv/bin/activate. Leaving the directory (cd ..) automatically deactivates the project environment.

CLI Reference

Package Management

Command Description
fpm install <pkg> Install packages (alias: add)
fpm remove <pkg> Remove (aliases: uninstall, rm, flags: -f -p)
fpm autoremove Remove orphaned unused dependencies
fpm mark --show <pkg> Show if package is requested/dependency
fpm mark --requested <pkg> Protect package from autoremove
fpm list List fpm packages (alias: ls)
fpm list -a List ALL packages (all managers)
fpm sync Sync environment from lockfile
fpm lock Generate/update lockfile
fpm tree Show dependency tree
fpm audit Scan for vulnerabilities (OSV)

Project

Command Description
fpm init Create project (pyproject.toml + venv)
fpm run <cmd> Run in managed environment
fpm build Build wheel/sdist
fpm publish Upload to PyPI

Environment

Command Description
fpm venv Create virtual environment
fpm python list List Python versions
fpm python install <ver> Install Python version
fpm python use <ver> Switch Python (--system for global)
fpm snapshot create [msg] Capture environment state
fpm snapshot restore <id> Roll back to snapshot
fpm snapshot diff <id> Compare snapshots
fpm tag <name> [snap-id] Name a snapshot (like git tag)
fpm status Show drift from lockfile (like git status)
fpm log Show operation history (like git log)

Tools & System

Command Description
fpm tool run <pkg> Run tool (cached ephemeral env)
fpm tool install <pkg> Install CLI tool permanently
fpm cache gc Remove unused packages
fpm repair Diagnose + fix issues
fpm config show Display all settings
fpm self update Update fpm to latest (SHA256 verified)
fpm completion [shell] Generate shell completions (bash/zsh/fish/powershell)
fpm docs [topic] Open docs in browser or show topic help

Flags

Flag Description
-v Print version
-s, --system Install to system Python (required without venv)
-q, --quiet Suppress output
--json JSON output
--allow-insecure-host <host> Skip TLS for specific hosts
--log-level <level> debug/info/warn/error/off

Configuration

# fpm.toml
[project]
name = "my-project"
requires-python = ">=3.10"
dependencies = ["requests>=2.28", "numpy"]

[tool]
cross-manager-policy = "ask"    # ask | install | skip
concurrency = 50

[immutable]
packages = [{ name = "numpy", version = "1.24.0" }]

[network]
allow-insecure-host = ["internal-pypi.corp.example.com"]

[log]
level = "off"                   # debug | info | warn | error | off

Priority (highest wins): CLI flags > env vars > project fpm.toml > user config > defaults

How It's Different

Feature pip uv fpm
Content-addressable storage No No Yes (zero duplication)
Environment snapshots No No Yes (instant restore)
Cross-manager detection No No Yes (pip, uv, conda, poetry, pdm)
Immutable version pins No No Yes (enforced by resolver)
Dependency graph tracking No No Yes (requested vs transitive)
Autoremove orphans No No Yes (like apt/pacman)
Reflink support No No Yes (CoW on APFS/btrfs)
Reference-tracked GC No No Yes (only removes orphans)
Bundled CA certificates certifi webpki Mozilla (built-in)
Per-host TLS bypass --trusted-host --allow-insecure-host --allow-insecure-host
Requires venv for install No Yes (--system) Yes (--system)

Platforms

Platform Status
macOS (Apple Silicon + Intel) Supported
Linux (x86_64 + ARM64) Supported
Windows (x86_64) Supported
Docker (multi-arch) Supported
JupyterHub / multi-user Supported

Documentation

Contributing

See CONTRIBUTING.md for development setup and guidelines.

License

MIT

About

No description, website, or topics provided.

Resources

License

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors