stout
For enterprise

Package management that meets enterprise requirements.

Homebrew was built for individual developers. stout adds the security, compliance, and infrastructure features that enterprise environments demand.

Security

  • Vulnerability scanning: stout audit checks all installed packages against known CVE databases. Run it in CI to block vulnerable dependencies.
  • Signed index updates: Every index update carries an Ed25519 signature. Verify the chain of trust from index build to developer machine.
  • Audit logging: Track every install, upgrade, and removal. Export logs for compliance reporting.

Isolation

  • Multi-prefix environments: Install different package versions for different projects without conflicts. Each prefix is completely isolated.
  • Lock files: Pin exact versions and checksums for reproducible builds across your entire organization.
  • Snapshots: Save and restore complete package states. Roll back to a known-good state in seconds.

Infrastructure

  • Private index hosting: Curate an approved list of packages for your organization. Internal tools stay internal.
  • Air-gapped deployment: Create offline mirrors for networks without internet access. Built-in HTTP server or sync to your artifact store.
  • Single binary: No Ruby, no git, no Xcode CLT. Deploy stout as a single statically linked binary.

Compliance

stout gives you the audit trail, vulnerability scanning, and deterministic builds that security teams require — without forcing developers to leave the Homebrew workflow they know.

Need help deploying stout in your organization?

Neul Labs offers consulting on enterprise stout deployments, private index hosting, and custom package management infrastructure.