🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
DemoInstallSign in
Socket
DemoInstallSign in

gitman

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

gitman

A language-agnostic dependency manager using Git.

3.5.3
PyPI
Maintainers
1

Overview

Gitman is a language-agnostic dependency manager using Git. It aims to serve as a submodules replacement and provides advanced options for managing versions of nested Git repositories.

Demo

Linux Build Windows Build Code Coverage Code Quality PyPI License PyPI Version PyPI Downloads

Setup

Requirements

  • Python 3.8+
  • Git 2.8+ (with stored credentials)

Installation

Install this tool globally with pipx (or pip):

$ pipx install gitman

or add it to your Poetry project:

$ poetry add gitman

Configuration

Generate a sample config file:

$ gitman init

or manually create one (gitman.yml or .gitman.yml) in the root of your working tree:

location: vendor/gitman

sources:
  - repo: "https://github.com/kstenerud/iOS-Universal-Framework"
    name: framework
    rev: Mk5-end-of-life
  - repo: "https://github.com/jonreid/XcodeCoverage"
    name: coverage
    links:
      - target: Tools/XcodeCoverage
  - repo: "https://github.com/dxa4481/truffleHog"
    name: trufflehog
    rev: master
    scripts:
      - chmod a+x truffleHog/truffleHog.py
  - repo: "https://github.com/FortAwesome/Font-Awesome"
    name: fontawesome
    rev: master
    sparse_paths:
      - "webfonts/*"
  - repo: "https://github.com/google/material-design-icons"
    name: material-design-icons
    rev: master

groups:
  - name: code
    members:
      - framework
      - trufflehog
  - name: resources
    members:
      - fontawesome
      - material-design-icons

default_group: code

Ignore the dependency storage location:

$ echo vendor/gitman >> .gitignore

Usage

See the available commands:

$ gitman --help

Updating Dependencies

Get the latest versions of all dependencies:

$ gitman update

which will essentially:

  • Create a working tree at <root>/<location>/<name>
  • Fetch from repo and checkout the specified rev
  • Symbolically link each <location>/<name> from <root>/<link> (if specified)
  • Repeat for all nested working trees containing a config file
  • Record the actual commit SHAs that were checked out (with --lock option)
  • Run optional post-install scripts for each dependency

where rev can be:

  • all or part of a commit SHA: 123def
  • a tag: v1.0
  • a branch: main
  • a rev-parse date: 'main@{2015-06-18 10:30:59}'

Alternatively, get the latest versions of specific dependencies:

$ gitman update framework

or named groups:

$ gitman update resources

Restoring Previous Versions

Display the versions that are currently installed:

$ gitman list

Reinstall these specific versions at a later time:

$ gitman install

Deleting Dependencies

Remove all installed dependencies:

$ gitman uninstall

Resources

Keywords

git
version control
build systems
dependency management
submodules

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs

Security News

pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs

pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.

By Sarah Gooding  -  Jun 11, 2025