Spirit-Led Software

Cross-platform package manager

Install tools across Windows, macOS, and Linux with one verifiable workflow.

Crosspack is a native Rust package manager built for deterministic installs, verified registry metadata, artifact checks, and recovery commands without wrapping another ecosystem's package manager.

Start five-minute proof View GitHub repo
Verification-first posture v0.10.x
  • Trusted source management with fingerprint pinning and snapshot refresh.
  • Install, upgrade, uninstall, rollback, repair, and doctor commands available now.
  • Search, inspect, and explain package metadata from verified local snapshots.
  • Shell setup and completion install paths for bash, zsh, fish, and PowerShell.

Why Crosspack

A package manager for the parts of installs people usually leave vague.

Crosspack exists to give users a native package manager with first-class Windows, macOS, and Linux behavior, without hiding trust decisions behind another ecosystem's package manager.

What the bench proves

The page now points you at one concrete flow: install Crosspack, inspect a real package manifest, verify how artifacts are named, and confirm recovery commands are part of the shipped tool.

Rust Deterministic Verified metadata Cross-platform

Start the five-minute proof

Use the install scripts for the clean public path today. They install the latest GitHub release, bootstrap the trusted core registry source, and run crosspack update automatically.

macOS + Linux

curl -fsSL https://raw.githubusercontent.com/spiritledsoftware/crosspack/main/scripts/install.sh | sh

Windows (PowerShell)

irm https://raw.githubusercontent.com/spiritledsoftware/crosspack/main/scripts/install.ps1 | iex

Proof transcript

Run these immediately after install. The transcript stays short on purpose: list the trusted source, search, inspect, then install through artifact verification.

  1. Step 1

    crosspack registry list

    Expected: See the trusted `core` source configured after install.

  2. Step 2

    crosspack search ripgrep

    Expected: Confirm the local verified snapshot can answer real package queries.

  3. Step 3

    crosspack info ripgrep

    Expected: Inspect package metadata before installing anything.

  4. Step 4

    crosspack install ripgrep

    Expected: Exercise the real install path with artifact verification.

Verification bench

Inspect one trust chain before you decide.

Use one familiar CLI package as the specimen: inspect its manifest, verify the artifact hash, then install through the same trust chain.

Specimen package

ripgrep

crosspack info ripgrep --explain-trust
Inspect live manifest on GitHub
  1. 1

    source fingerprint

    core:sha256:6d4f...c91b

    Pin the trusted core registry source before metadata is accepted locally.

  2. 2

    manifest

    registry/packages/ripgrep/package.toml

    Inspect the package record that names versions, platforms, release URLs, and verification material.

  3. 3

    artifact hash

    sha256:9b74...2a31

    Check the downloaded release against its SHA-256 before install completes.

  4. 4

    rollback

    crosspack rollback ripgrep

    Keep recovery in the normal command surface when an install or upgrade needs to be unwound.

Who this helps first

Platform teams

Standardize installs across developer laptops and CI runners without inventing separate platform-specific setup instructions.

Security-conscious teams

Favor verified metadata, pinned source trust, and artifact hash checks over ad-hoc curl-and-pray package installs.

Tool builders

Ship your CLI through a registry model designed for repeatable installs, updates, rollback, and repair workflows.

Questions a skeptical buyer will ask

How does Crosspack keep installs trustworthy?

Crosspack verifies trusted registry metadata, pins source fingerprints, and checks release artifact hashes before install so the normal path is safer than copying random shell snippets.

What happens if an upgrade goes sideways?

The current CLI already ships rollback, repair, and doctor workflows so users have an escape hatch when a package or local environment breaks.

Is this just wrapping another package manager?

No. Crosspack is a native Rust package manager with its own registry model and install workflow built for consistent behavior across Windows, macOS, and Linux.

Why this beats the usual install mess

What do you get immediately?

Crosspack

Native install scripts for Windows, macOS, and Linux plus a public registry path.

Typical status quo

Different setup instructions per platform and more copy-pasted shell history.

How is trust handled?

Crosspack

Pinned source fingerprints, signed metadata, and SHA-256 artifact checks are part of the normal flow.

Typical status quo

Trust often depends on reading random install docs correctly every single time.

What happens when installs break?

Crosspack

Rollback, repair, and doctor are shipped commands, not future promises.

Typical status quo

Users usually debug a broken machine state by hand.

Final CTA

Run the install path against the verification bench.

Run one install, inspect one manifest, then decide whether Crosspack's trust model deserves a deeper look.

Inspect source + docs on GitHub