This guide covers the registry proxy approach. See Root Patcher CLI for the CLI-based approach.
Prerequisites
1. Install the Root Patcher CLI
The Root Patcher CLI (rootio_patcher) is required to pull Root-secured packages into your environment.
2. Set your API key
Get your API key from Settings → Token Management in the Root platform, then export it:3. Your standard package manager
Have pip, uv, Poetry, npm, pnpm, yarn, Maven, Go, the .NET SDK, or Composer already installed.Python - pip, uv, Poetry
All Python tools authenticate via~/.netrc:
JavaScript - npm, pnpm, yarn
Root serves patched JavaScript packages under the@rootio/ scope. Authentication uses base64-encoded credentials:
package.json - no changes to import statements needed:
Java - Maven
Configure~/.m2/settings.xml to mirror Maven Central through Root:
Go - Go modules
ConfigureGOPROXY to authenticate with Root’s module proxy:
replace directives to your go.mod:
replace directives transparently redirect module resolution to Root’s patched versions.
See the full Go guide for checksum verification, multi-module projects, and CI/CD setup.
.NET - NuGet
Add Root as a NuGet package source:RootIO.* form):
PHP - Composer Beta
Use the Root Patcher CLI to analyze yourcomposer.lock, update composer.json with patched version constraints, and run composer update to apply patches:
pkg.root.io/composer/ as a Composer repository and pins affected packages to their patched versions. The vendor/ directory is fully populated after the patcher runs — no separate composer install needed.
composer.lock must exist before running the patcher. Run composer install first if it is missing. Future composer install runs in CI/CD require COMPOSER_AUTH to be set so Composer can fetch patched packages from pkg.root.io/composer/.