MCPM is a cross-platform package manager for Minecraft mods, written in Rust.
It automates downloading, updating, and managing Minecraft mods — like npm or cargo, but for Minecraft.
It is CLI-first but I'm planning a future release with an optional Tauri + Vue.js GUI.
Hobby project in active development. Expect breaking changes.
- CLI-first tool built with Clap
- Mod management via Modrinth API
mcpm add— add a mod to your manifestmcpm remove— remove a modmcpm install— install or update all modsmcpm upgrade— upgrade mods to newer compatible versionsmcpm outdated— check which mods are outdatedmcpm search— find mods interactively
- Lockfile system (
mcpm.lock) for reproducible installs - Semantic versioning support (
^1.2,>=1.20, etc.) - Offline caching of downloaded mods
- Cross-platform (Windows, macOS, Linux)
- Planned:
- More sources like Curseforge, Github, Gitlab
- Restructure mod entry into an object:
- Slug (as object key) - Human friendly identifier or an ID if slug not available
- Version - supports semantic versioning and range matching
- Providers - List of sources to search for updates for this mod
- Name - User friendly name
- Author - Author's name or username
- Description - Short description from mod page. Can be overrided by the user and can be used for notes about the mod.
- Accepted Minecraft versions - Override the accepted Minecraft version when searching for a mod version
- Disabled - Disable mod from being installed (useful when a mod yet has to be updated to the newest Minecraft version)
- Resource pack management
- Datapack management
- Shader and texture pack support
- Graphical interface via Tauri (Vue.js frontend)
- Test suite (eventually… I promise)
You can use MCPM without building it yourself.
The distributed executables are not code-signed and will show an “Unknown Publisher / Unidentified Developer” warning from the OS. This is expected, see Bypassing OS warnings. You can verify any download before running. See Verify Downloads for verification steps.
Head to the Releases page and download the latest binary for your platform.
# Pull the latest image
docker pull ghcr.io/RWConnected/mcpm:latest
# Run MCPM in a container (mount your modpack folder)
docker run -it -v $(pwd):/data ghcr.io/RWConnected/mcpm:latest mcpm initBoth binaries and Docker images include the CLI by default.
If you want to install MCPM on your system without using a prebuilt binary or Docker, you can build it directly from source using Cargo.
git clone https://github.com/RWConnected/mcpm.git
cd mcpm
cargo install --path src-tauriThis will:
- Compile MCPM in release mode
- Install the binaries (mcpm and mcpm-cli) into ~/.cargo/bin
- Make them available globally (ensure ~/.cargo/bin is in your PATH)
You can then run:
mcpm-cli --helpMCPM is a personal hobby project. Ideas, bug reports, and pull requests are very welcome — they help shape the tool and inspire new directions.
That said, please note:
- This is not my main focus, so reviews or responses may take time.
- Contributions might be declined if they don’t align with the project’s direction or goals.
- To avoid wasted effort, it’s best to open an issue first to discuss major ideas before starting work.
Even if a contribution isn’t merged, your input is still appreciated — it helps improve MCPM over time.
By submitting a contribution, you confirm that you have the right to do so and that any included third-party material is compatible with the Apache 2.0 license. Please mention external sources explicitly in pull requests if reused.
- Rust toolchain
- Optionally: Yarn for the Vue.JS frontend (Not yet implemented)
git clone https://github.com/RWConnected/mcpm.git
cd mcpm/src-tauri
cargo run -- <command> [options]Example:
cargo run -- add sodium --search| Path | Purpose |
|---|---|
src-tauri/src/ |
Frontend (Vue.js) code |
src-tauri/src/app/commands |
Entrypoint for every command |
src-tauri/src/app/modules |
Modules that encapsulate specific functionality |
src-tauri/src/app/modules/core |
Core logic used by both CLI and GUI |
src-tauri/src/app/helpers |
Shared helper functions that as haven't found its way into a module |
src-tauri/src/app |
Core logic (manifest, repositories, I/O, commands) |
Before running the binary and following these instructions, make sure you trust the binaries first! See Verify Downloads for verification steps.
- Run the executable as you normally would.
- When “Windows protected your PC” appears:
- Click More info
- Click Run anyway
Alternatively, you could trust the binary through PowerShell:
Unblock-File -Path .\mcpm.exe- Run the executable as you normally would.
- If blocked as “unidentified developer”:
- Control-click the app → Open → Open again
- Or allow it under System Settings → Privacy & Security → Allow Anyway
Alternatively, you could trust the binary through CLI:
xattr -cr /path/to/mcpm.app
sudo spctl --add /path/to/mcpm.appTo ensure the binary is authentic and unmodified:
- Download files
From the GitHub Releases page, download:
- The binary (mcpm-.zip or mcpm-.tar.gz)
- Its signature (.sig)
- The checksum file (.sha256)
- The public key (publickey.asc)
- Verify checksum
Confirm the file was not corrupted.
Windows:
certutil -hashfile mcpm-*.zip SHA256macOS/Linux:
shasum -a 256 mcpm-*.tar.gzCompare the result to the contents of the .sha256 file.
- Verify signature
Validate that Rickiewars signed the release.
gpg --import publickey.asc
gpg --verify mcpm-*.sig mcpm-*.tar.gzIf output includes “Good signature from "Rickiewars"”, verification succeeded
This project is licensed under the Apache License, Version 2.0.
You may use, modify, and distribute the software in compliance with that license.
See the LICENSE file for details.