Chocolatey on Windows
Chocolatey is a Windows counterpart to the Linux apt or yum package managers. The software offers CLI-based package installation and management in Windows, backed by a community-maintained package repository.
In this tutorial, you will learn to install Chocolatey on Windows 10 and learn basic Chocolatey commands.
- Windows 7+/Windows 2003+ (including Server Core, but excluding Windows Nano Server).
- .NET Framework 4.x+.
- A user account with administrator privileges.
What Is Chocolatey?
Chocolatey is a command-line package manager and installer for Windows operating systems. With the NuGet packaging infrastructure and the Windows PowerShell technology at its core, Chocolatey simplifies and automates the process of installing software and keeping it up to date.
When installing applications, Chocolatey silently configures and installs any dependencies required by the package. Chocolatey also allows users to wrap package installers, executable files, zips, and scripts into compiled packages.
Install Chocolatey on Windows
There are two ways to install Chocolatey on Windows:
- Using the Command Prompt.
- Using Windows PowerShell.
Both installations require an account with administrative shell access.
You can also install a portable, non-administrative Chocolatey version if you don’t have administrative shell access. However, the number of packages available is much smaller than the standard Chocolatey installation.
Installing Chocolatey via PowerShell involves an additional step compared to installing via the Command Prompt. Follow the steps below to install Chocolatey using Windows PowerShell:
1. Press the Windows key and type “PowerShell”. Select the Run as administrator option to open the Windows PowerShell.
2. Before installing Chocolatey, ensure that the execution policy reported by Get-ExecutionPolicy is not Restricted. This PowerShell safety feature controls the conditions for loading configuration files and scripts, thus preventing the execution of malicious programs.
Check the status by running:
Get-ExecutionPolicy
If the command returns Restricted, the execution policy is restricted. If the execution policy is not restricted, skip Step 3, and proceed with installing Chocolatey.
3. Unrestrict the PowerShell execution policy by running:
When prompted, type Y to change the execution policy and press Enter to confirm.
4. Install Chocolatey by running:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
Wait for the installation to complete before you start using Chocolatey.
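A staged variant of Step 4, added here as an example and not taken from the tutorial or from Chocolatey's own documentation: it downloads install.ps1 to disk, checks its Authenticode signature, and only then runs it with the execution policy relaxed for the current process only. The local path and the expected publisher string are assumptions; confirm the signer shown on your own system.

```powershell
# Added example: staged Chocolatey install with a signature check before execution.
$ErrorActionPreference = 'Stop'

$installUrl = 'https://community.chocolatey.org/install.ps1'  # URL from the tutorial
$scriptPath = Join-Path $env:TEMP 'choco-install.ps1'         # hypothetical local path
$expectedCN = 'Chocolatey Software'                           # assumption: verify the publisher yourself

# Show the policy at every scope so it is clear what is being overridden.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Same TLS 1.2 opt-in as the one-liner (3072 = Tls12).
[Net.ServicePointManager]::SecurityProtocol =
    [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

# Download to disk instead of piping the response straight into iex.
Invoke-WebRequest -Uri $installUrl -OutFile $scriptPath -UseBasicParsing

# Record the hash so the exact script that ran can be identified later.
$hash = Get-FileHash -Path $scriptPath -Algorithm SHA256
Write-Host "install.ps1 SHA256: $($hash.Hash)"

# Check the Authenticode signature and the signer before anything executes.
$sig = Get-AuthenticodeSignature -FilePath $scriptPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Subject -notlike "*$expectedCN*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# Relax the policy for this PowerShell process only; machine and user policy are unchanged.
Set-ExecutionPolicy Bypass -Scope Process -Force
& $scriptPath
```

Because the policy change is scoped to the process, closing the PowerShell window restores the previous behaviour without any further action.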
The core of Chocolatey is the Windows Automation Language which utilizes PowerShell to perform different operations. One of Chocolatey’s most noteworthy features is the ability to keep all the installed software up to date with a single command. Thus, it helps keep all software updated with the latest security features.
Other prominent Chocolatey features are described below.
Chocolatey packages are nupkg files that contain metadata about the package’s dependencies and versioning with optional automation scripts or embedded software. The packages are compiled NuSpec files compatible with vanilla NuGet packages.
The focus is on managing packages to contain the necessary dependencies and software required for proper functioning. The compiled package file encapsulates everything, saving time by automating the installation and updating process.
Chocolatey’s package repository is one of the largest Windows repositories online. Chocolatey also allows users to search the repository and copy the installation command from the website.
Chocolatey Client Software
The Chocolatey client software allows users to connect to software repositories to download packages. The software repository can be the Chocolatey community repository, its main software repository, or an alternative one.
The unified CLI supports every Windows installer type with a single command. It means that every piece of software (MSI, EXE, etc.) can be installed using Chocolatey, eliminating the need for running installers outside the command line.
Chocolatey executes all files using choco.exe. To see the list of arguments and options Chocolatey accepts, run:
The command outputs the Chocolatey help file and all the accepted arguments and options.
The GUI app is available in the Chocolatey community repository and allows users to perform most of the tasks available using the CLI. The GUI simplifies the process for users not accustomed to using the CLI.
To install the Chocolatey GUI app, open Windows PowerShell or the Command Prompt as an administrator and run the following command:
choco install chocolateygui
When prompted, type A and press Enter to allow Chocolatey to run all the necessary scripts and automatically resolve any dependencies.
After the installation completes, run the Chocolatey GUI app.
Combined with the Chocolatey agent, the GUI app allows non-admins to install software as well.
Chocolatey allows users to install packages from remote official or custom repositories. The default repository is community-managed, and it is the largest online registry of packages for Windows. Currently, the repository contains over 9500 unique packages.
To add a custom repository, specify the source using the following syntax:
choco source add -n=[name] --source='https://[URL]'
Replace:
- [name] with the name for the new source.
- [URL] with the repository web address.
For example:
choco source add -n=choco2 --source='https://example.com'
Alternatively, install the Chocolatey Server, an IIS-backed repository supported directly by Chocolatey. It is available as a package in the community repository.
To install Chocolatey Server, run:
choco install chocolatey.server -y
The -y flag automatically answers Yes to any prompts during the installation.
The output provides information about the installed packages and dependencies.
Chocolatey is highly secure and has a strict policy on malicious and pirated software. The following features add up to Chocolatey’s security:
Each package submitted to the Chocolatey repository goes through multiple moderation reviews, which include an automatic virus scan.
The moderation usually involves a human review that includes safety, quality, and correctness checks. On the other hand, automated, machine-based moderation is reserved for trusted packages that come from trusted sources or software vendors.
Each script in the package is also reviewed to ensure it does only what it is supposed to, preventing malware or virus infections. The packages failing the moderation process are returned to the developers for adjustments.
CDN Download Cache
Chocolatey is open source but offers enhanced functionality, additional PowerShell functions, and exclusive features such as a CDN download cache for its licensed users.
The CDN download cache ensures that the packages on the community repository remain available even if the original website is down. This feature eliminates the possibility of getting a 404 error. A package copy is cached on Chocolatey’s private CDN, making it permanently available to licensed users.
Each cached copy is checked for viruses and checksummed to ensure there is no difference from the original package.
Another Chocolatey security feature available to licensed users is the runtime antivirus protection during package download and installation. Users can choose between scanning packages with VirusTotal or integrating Chocolatey with their installed antivirus software. The default setting is to use VirusTotal.
When the packages download content from the Internet, Chocolatey CLI automatically checks any executables before running. The packages are scanned against more than 50 antivirus scanners.
The CLI automatically fails the install if any results return positive for viruses. In case of a false positive, users can override the process and install the content anyway.
Since some scanners are more rigorous than others, Chocolatey CLI doesn’t flag a package as positive until at least five scanners identify it as such. The value can be adjusted to a higher or lower number using the following syntax:
choco config set virusCheckMinimumPositives [number]
For example, the following command instructs Chocolatey CLI to fail any future installations if there are ten positive virus scans:
choco config set virusCheckMinimumPositives 10
The Chocolatey for Business plan includes the auditing feature to allow users to keep track of who installed a package and the exact installation time and date. The provided information is often critical for audit reports. The installation date and time are in ISO 8601 UTC time.
To view installed packages along with information on the user who installed the package and the installation time, run:
choco list -lo --audit -r
Basic Chocolatey Commands
After installing Chocolatey, start with the basic commands, such as searching, installing, or listing installed packages. Run the commands either in Windows PowerShell or in the Command Prompt.
The following table shows an overview of the basic commands, of which the most important ones are further explained in the sections below:
|Search remote or local packages. Alias for list.|
|See a list of installed packages.|
|Install a package.|
|Prevent further package upgrades.|
|Update a package to the latest version.|
|Uninstall a package.|
|Push a compiled nupkg package to the specified source.|
|Show and configure default Chocolatey sources.|
|Show the Chocolatey help file.|
|Export the list of currently installed packages.|
|Download packages from remote resources to local ones.|
|Convert a package from one type to another.|
Use the following syntax to install one or multiple packages:
choco install [pkg|packages.config] [pkg2 ...]
- Any package name ending with .config is considered a packages.config file.
For example, to install the 7zip package from the default repository, run:
choco install 7zip -y
The upgrade command upgrades the specified package or list of packages. If the package is not installed, upgrade installs it instead.
The syntax is:
choco upgrade [pkg] [pkg2 ...]
For example, to upgrade the Opera browser package, run:
choco upgrade opera
If no new version is available, Chocolatey states that the package version is already the latest available.
Update All Programs
Add the all flag to the upgrade command to update all installed packages. Run:
choco upgrade all
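The following added example (not part of the original tutorial) reviews what is pending before running the upgrade and keeps a dated record of it. It relies on the choco outdated command, which the tutorial does not cover, and its -r output of name|current|available|pinned; the log path is a hypothetical choice.

```powershell
# Added example: review pending upgrades before running "choco upgrade all".
# "choco outdated -r" prints one line per package: name|current|available|pinned
$pending = choco outdated -r | Where-Object { $_ -match '\|' } | ForEach-Object {
    $name, $current, $available, $pinned = $_ -split '\|'
    [pscustomobject]@{
        Package   = $name
        Installed = $current
        Available = $available
        Pinned    = ($pinned -eq 'true')
    }
}

if (-not $pending) {
    Write-Host 'All packages are current.'
    return
}

$pending | Format-Table -AutoSize

# Pinned packages are skipped by upgrade; warn so stale pins are not forgotten.
$pending | Where-Object Pinned | ForEach-Object {
    Write-Warning "$($_.Package) is pinned at $($_.Installed); $($_.Available) is available."
}

# Keep a dated record of what was about to change (hypothetical log location).
$log = Join-Path $env:TEMP ("choco-upgrade-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))
$pending | Export-Csv -Path $log -NoTypeInformation
Write-Host "Pending upgrades written to $log"

choco upgrade all -y
```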
Search For a Program
The search command allows users to search for a package locally or remotely. Although search is currently an alias for the list command, starting from version 2.0.0, list will work only for local and installed packages. find will be used for remote sources as well.
The syntax for searching for a package is:
choco search [pkg]
For example, to search for 7zip packages, run:
choco search 7zip
The command outputs all the results from the search along with the program version and a description (if available).
See Installed Programs
The list command allows users to see all the programs installed on their system using Chocolatey. Run the following command:
choco list --local-only
The output shows a list of packages on the system installed using Chocolatey.
It is important to periodically check for new program versions because each new version may address important security issues or include bug fixes and patches. Run the following command to update the Chocolatey client to the latest available version:
choco upgrade chocolatey
The program checks for a new version and installs it when available. Alternatively, the output is a message saying that your version is the latest available version.