Skip to main content
Root Library Catalog delivers patched packages for Python, JavaScript, Java, Go, .NET, and PHP. There are two ways to consume them: This guide covers the registry proxy approach. See Root Patcher CLI for the CLI-based approach.

Prerequisites

1. Install the Root Patcher CLI

The Root Patcher CLI (rootio_patcher) is required to pull Root-secured packages into your environment.
For macOS Intel and Windows, see the full installation instructions.

2. Set your API key

Get your API key from Settings → Token Management in the Root platform, then export it:

3. Your standard package manager

Have pip, uv, Poetry, npm, pnpm, yarn, Maven, Go, the .NET SDK, or Composer already installed.

Python - pip, uv, Poetry

All Python tools authenticate via ~/.netrc:
Then point your package manager at Root:
See the full Python guide for per-tool details and CI/CD configuration.

JavaScript - npm, pnpm, yarn

Root serves patched JavaScript packages under the @rootio/ scope. Authentication uses base64-encoded credentials:
Patched packages are applied via overrides in package.json - no changes to import statements needed:
See the full JavaScript guide for pnpm, Yarn 1, and Yarn 3 variants.

Java - Maven

Configure ~/.m2/settings.xml to mirror Maven Central through Root:
Then export your token and run Maven as usual:
See the full Java guide for the complete settings.xml and CI/CD setup.

Go - Go modules

Configure GOPROXY to authenticate with Root’s module proxy:
Then use the Root Patcher CLI to add replace directives to your go.mod:
The patcher adds entries like:
Your import statements remain unchanged - the replace directives transparently redirect module resolution to Root’s patched versions. See the full Go guide for checksum verification, multi-module projects, and CI/CD setup.

.NET - NuGet

Add Root as a NuGet package source:
Then use the patcher to apply Root-patched package versions (aliased RootIO.* form):
See the full NuGet guide for CI/CD configuration and troubleshooting.

PHP - Composer Beta

Use the Root Patcher CLI to analyze your composer.lock, update composer.json with patched version constraints, and run composer update to apply patches:
The patcher adds pkg.root.io/composer/ as a Composer repository and pins affected packages to their patched versions. The vendor/ directory is fully populated after the patcher runs — no separate composer install needed.
composer.lock must exist before running the patcher. Run composer install first if it is missing. Future composer install runs in CI/CD require COMPOSER_AUTH to be set so Composer can fetch patched packages from pkg.root.io/composer/.
See the full Composer guide for CI/CD configuration and troubleshooting.