I wonder why the author recommend winget but not scoop. Scoop obviously has more community support and that's the most important part of a package manager (more packages, more frequent update, etc).
> I wonder why the author recommend winget but not scoop.
Scott Hanselman works for Microsoft and is a prominent advocate for the .NET/Microsoft ecosystem so his recommendations are likely to skew towards native MS tools in the first instance.
Nothing wrong with that as long as you consume his material through that lens!
That said, I'm quite surprised I hadn't heard of Scoop[0]. Looks interesting...
It's absolutely not, but it's being picked up industry-wide and even by Microsoft themselves. Basically any piece of Electron shitware can be found installing itself to %LOCALAPPDATA%, silently updating itself and leaving gigabytes of old copies around in subfolders. I think it's a lost battle and not worth getting angry about anymore.
They can prevent that if they want to (there are tons of admin software to prevent users from install unapproved software on windows) so it really is a nonissue. The main issue is extra space, but that also isn't that big of an issue if the app is written well for updates and I don't know why that would be any more or less efficient when installed by "user" vs "admin"
While they could prevent it, that's not how. The software is never "installed". It's only unzipped to scoops install directory (usually home/scoop/...)
Then it adds the install directory to the PATH and it's done. The copied executables have never been marked as unknown by windows in my experience.
Admins could of course lock down systems to only allow executables with specific hashedls which are manually whitelisted by the admins, but just disallowing installs won't help at all
Disallowing powershell or scripting altogether makes it impossible to use as well.
It has some pros and cons depends on what you value, but I wish that Linux ecosystem can make it easier to install software in home, no root permission needed.
I have a remote access to a ubuntu server, and I tried to use my zshrc but there is no zsh installed. Maybe asking the admin of the server to install zsh is another way to do it, but I managed to compile zsh and use it as my default shell. Although it works, but I wish that there is a easier way to install software locally without having to resort to compiling.
Scoop tries to swim upstream and change the default install location. In my experience, this ultimately leads to problems and system fragility. Sure, it should work, but that's no comfort when it doesn't work right when you need it. Instead, you should install software to the default place and install it as admin. That's how it's tested by its developers and that's how it's tested for regression and compatibility within Microsoft.
Agreed. winget is lacking most features I absolutely need from a package manager, including listing installed packages, uninstalling packages, and updating packages. These are all on the v1 roadmap [1], but for the foreseeable future I'm sticking with scoop.
In short, Scoop installs all your apps in the user home dir. Apps are not installed through an installer, but through a .zip file. A pro is that you do not need to be admin on your PC for Scoop to function (handy for PCs that are not in your control). A con I've encountered is that Windows is not very friendly towards apps that are not installed through an installer. I've installed IrfanView through Scoop, but for some reason, Windows restores "Photos" as default app for opening pictures a few times a week, this was not the case when I installed IrfanView with an installer.
^ I've installed IrfanView through Scoop, but for some reason, Windows restores "Photos" as default app for opening pictures a few times a week, this was not the case when I installed IrfanView with an installer.
This may not be Scoops fault. I installed Irfanview with choco and have to reset my default programs setting every so often, presumably since Windows 10 takes user settings as suggestions for the Microsoft PM to ignore every few weeks when the OKRs get thin :).
I'd not heard of Scoop before today but have used chocolatey extensively in the past.
However I'm wary of all these tools (including brew on Mac) as they all feel like a pretty efficient way to main line your own personal supply chain attack into your dev machine!
For that reason I now try to use them sparingly and with a high degree of suspicion.
With most package managers you can review package sources (e.g. "choco info" for chocolatey or "brew info" / "brew edit" for homebrew).
As for threat model it comes down to whether using package management poses larger risk than doing everything manually and risking running a range of outdated packages.
Scoop installs all the files locally by default and doesn't need to be run through an elevated shell. In junction to this, there's also usually less trouble with leftover files after uninstalling programs.
The official software repo might be smaller than chocolate's, but to my eye, as it is moderated through a single open github repo, it seems much simpler.
Tangentially related, but I wish that running elevated from the shell was more ergonomic. I want to just be able to have a sudo-like command to run elevated from an otherwise non-elevated shell. Instead I have to launch a new instance of the shell host that's elevated. ConEmu makes this feel more seamless by doing some window manipulation hacks to bring elevated and non-elevated into tabs of the same window, but Windows Terminal doesn't want to do anything so hacky which means having a second Windows Terminal window when running elevated.
I wonder if improving this is possible within the current design of Windows or if it would be a fundamental change in how it handles user privileges.
In addition to the alternatives others have mentioned, the author of `scoop` also has a package available for `scoop` named `sudo`, described as "An approximation of the Unix sudo command. Shows a UAC popup window unfortunately."
From a non-elevated shell (cmd or ps), you can run `sudo <command>` to a roughly equivalent effect from *nix terminals. I find it meets my needs.
That's what I was wondering? It's been around for literally decades. I'm 99.9% linux user now but back in the day runas came in handy on windows for daemons that I would write and test to run in the background as various users or admin.
