WinGet is the command-line client for Windows Package Manager. It installs, upgrades, removes, and configures applications on Windows 10, Windows 11, and Windows Server 2025. By typing a short command you replace multi-step wizards, web searches, and manual downloads with a predictable routine that fits scripts, build pipelines, and daily upkeep.
Origins and Evolution
Microsoft introduced Windows Package Manager at Build 2020 as an open source project on GitHub. Early previews focused on basic install and upgrade tasks. Community pull requests soon filled the public repository with thousands of manifests that describe where to fetch an installer, which silent switches to call, and what hash to expect. Version 1.0 arrived in mid-2021. Since then the client has gained private feeds, pinned versions, YAML-based configuration files, and locale filtering. Today more than four thousand unique packages sit in the default source, and organizations host their own feeds for internal tools.
Installation and Prerequisites
(Credits)
WinGet ships in the App Installer component, so most users already have it.
Check availability
nginx
winget --info- If the command returns version information, you are set.
- Install from Microsoft Store
Download App Installer on systems that lack it, including sandbox sessions and stripped-down server images.
Install manually
When no Store access exists, download Microsoft.DesktopAppInstaller_*.msixbundle and its two dependency packages, then run:
sql
Add-AppxPackage Microsoft.VCLibs.x64.14.00.Desktop.appx
Add-AppxPackage Microsoft.UI.Xaml.2.8.x64.appx
Add-AppxPackage Microsoft.DesktopAppInstaller_*.msixbundleThe process takes less than a minute on a broadband link.
WinGet requires 64-bit Windows 10 version 1709 or later and PowerShell 5 or Windows Terminal for a pleasant shell experience.
Core Commands
| Purpose | Command | Notes |
| Discover software | winget search <term> | Search Id, name, description, and tags. |
| Inspect details | winget show <Id> | View version, publisher, switches, links. |
| Install | winget install <Id> | Silent by default. Use –interactive if you want the installer UI. |
| Upgrade report | winget upgrade | Lists available updates. |
| Upgrade one app | winget upgrade <Id> | Updates a single package. |
| Upgrade all apps | winget upgrade –all –include-unknown | Covers everything on the machine. |
| Remove | winget uninstall <Id> | Runs the registered uninstaller. |
| List inventory | winget list | Shows every registered program, not only WinGet packages. |
| Pin version | winget pin add –id <Id> –version <v> | Locks the package. |
| Export manifest | winget export -o packages.json | Saves current inventory for later import. |
| Import manifest | winget import packages.json | Recreates identical environment. |
| Configuration | winget configure –file dev.wpkg.yaml | Installs packages and applies settings at once. |
These commands address 90 percent of daily needs. Advanced flags tune scope, license acceptance, or output formatting for automation pipelines.
Managing Sources and Manifests
The default public catalog sits at https://winget.azureedge.net/cache. You may add extra feeds:
sql
winget source add --name Contoso \
--arg https://packages.contoso.local/index.json \
--authorization EntraIDA private feed accepts the same YAML format used in the public repository. Each manifest contains:
- Id – unique identifier like Git.Git.
- Installer URL – direct link to MSI, EXE, or MSIX.
- Installer SHA-256 – protects against tampering.
- Silent switches – /quiet, /S, or comparable flags.
- Dependencies – framework runtimes or other packages.
Write manifests once, store them in version control, and reference them in images, scripts, and configuration files.
Workflow Examples
Daily workstation upkeep
css
winget upgrade --all --include-unknownRun this from an elevated PowerShell prompt each morning. Browsers, editors, runtimes, and firmware tools stay current without visiting web pages.
Developer laptop build
powershell
winget import devbox.json
winget configure devbox.wpkg.yaml
The JSON file lists essentials like Visual Studio Code, Docker Desktop, Node.js, and PostgreSQL. The YAML file sets registry keys, config files, and fonts. Total setup time on a fast network: about forty minutes, unattended.
CI build agent refresh
A pipeline starts a clean virtual machine, then:
yaml
- powershell: |
winget install Git.Git
winget install Python.Python.3.12
winget install Nodejs.Node.LTS
winget pin add --id Git.Git --version 2.45.0Tools arrive in known versions that do not drift between runs. A single edit updates the baseline across all agents next time the pipeline queues.
Enterprise Scenarios
- Fleet patch management– Group Policy schedules a task on every desktop that calls winget upgrade –all –include-unknown. A custom log parser feeds results to Azure Monitor. Compliance dashboards flag machines that missed their window.
- Golden image maintenance– Administrators mount a Windows image offline, add App Installer, run winget import baseline.json, then apply cumulative updates. The frozen image reaches deployment with current applications already installed, saving bandwidth on first boot.
- Secure development station– A secure build lab pins compilers and SDKs. Only a private feed is enabled, and the default source is disabled through policy. Analysts review each incoming manifest before merging it.
Security Considerations
- Hash verification – WinGet downloads the installer, computes its SHA-256, and compares it to the manifest. If the numbers differ, the operation stops.
- SmartScreen reputation – Installers pass through standard Windows reputation checks.
- Group Policy controls – Administrators may block experimental features, force elevation, or restrict sources to an allow list.
- Pinning – Locks mission-critical apps to tested versions until manual review approves upgrades.
- Signed packages – MSIX installers include digital signatures. MSI and EXE files rely on the hash but can also carry Authenticode signatures.
Together these layers reduce the chance of malware or supply-chain surprises entering the machine.
Troubleshooting
| Issue | Explanation | Fix |
| Installer failed with exit code 1223 | User canceled UAC prompt or closed installer window | Re-run from elevated shell and leave the window alone |
| Package still old after upgrade | Package is pinned | winget pin remove <Id> then upgrade |
| Duplicate items in list | Vendor left previous version registered | Uninstall old entry via Control Panel or winget uninstall |
| App missing from search | Publisher has no manifest | Write private manifest or request addition on GitHub |
| Silent install hangs | Manifest lacks quiet switch | Add correct switch in custom manifest or run interactive installer |
A quick uninstall followed by a fresh install clears many stubborn cases.
Comparing WinGet, Chocolatey, and Scoop
| Factor | WinGet | Chocolatey | Scoop |
| Default catalog size | ~4,300-10,000 | ~9,500 | ~1,100 |
| Hash required | Always | Optional | Optional |
| Installer types | MSI, EXE, MSIX, ZIP | MSI, EXE, script mix | Mostly portable archives |
| Policy integration | Group Policy templates, Entra ID feeds | Licensed Chocolatey for Business | Manual policies |
| Typical audience | Administrators, desktop users | Automation engineers | Developers who prefer portable tools |
| GUI wrappers available | WinGetUI, WingetStore | Chocolatey GUI | Few community efforts |
The tools are not exclusive. Many teams run Scoop for command-line utilities, Chocolatey for scripts that predate WinGet, and WinGet for mainstream desktop software.
Best Practices
- Keep scripts explicit
Write full Id strings and version pins when stability matters. Avoid vague search terms in automation. - Store manifests in version control
Treat configuration files and exported package lists as code. Review pull requests before merging to production. - Run upgrades before backups
Apply winget upgrade –all –include-unknown first, then capture the image or snapshot. The backup includes the latest patches. - Test new versions in a ring
Pilot PCs receive upgrades a week early. If no issues appear, roll to the next ring. Pin problematic apps until the vendor ships a fix. - Audit private feeds
Require code signing and hash checks on internal packages. Rotate storage keys and audit access logs.
Future Developments
The project roadmap lists:
- Delta updates – WinGet will download only changed blocks, cutting bandwidth for large apps such as Microsoft 365.
- COM and PowerShell modules – Rich API surfaces will allow native GUIs and remoting without parsing console text.
- Simpler feed templates – A public schema for static JSON feeds will let teams publish manifests from any hosting service with minimal setup.
- Installer rollback – Planned support for automatic rollback if a new version fails health checks during first launch.
Community pull requests continue to add locales, installer types, and telemetry toggles.
Wrapping Up
WinGet gives Windows the single-step software management experience that Unix package managers offered for years. For beginners the benefit appears the moment they install PowerToys with one command instead of five clicks. For experts the tool locks production images to exact versions, automates fleet upgrades, and powers repeatable build pipelines. Add it to your toolbox, write a few manifests, and you will spend far less time chasing installers and far more time on work that matters.
