Skip to content

VIPM 2026 Q3 Preview - Release Notes

VIPM 2026 Q3 Preview adds Software Bill of Materials (SBOM) generation, project synchronization with vipm sync, NI Package Manager (NIPM) dependency management in vipm.toml, and expanded CLI capabilities for automation and CI/CD.

Many of the new features and capabilities are visible in the vipm command-line interface (CLI).

Software Bill of Materials (SBOM) wtih vipm sbom CLI Command

Generate CycloneDX 1.5 SBOMs from LabVIEW projects, vipm.toml manifests, .vipc, or .dragon files. SBOMs include both VIPM and NI packages with enriched metadata, license identifiers, and cryptographic hashes — helping meet compliance requirements such as the EU Cyber Resilience Act and US Executive Order 14028.

Need help with CRA compliance?

JKI provides security consulting and tooling for LabVIEW-based systems.

Learn More about CRA Compliance and LabVIEW

Features include:

  • Multiple input types: vipm.toml, .lvproj, .dragon, .vipc
  • Product metadata: name, version, and component type
  • Stable root references (bom-ref) for SBOMs, including for packages whose Product Name contains a dotted version number
  • Dependency filtering: --no-vipm, --no-nipm, --no-dev
  • VI linker traversal for deeper dependency discovery from .lvproj files
  • CI/CD integration with GitHub Actions and Docker

See the SBOM documentation for a tutorial and workflow guidance.

Scan Projects for Dependencies with vipm sync CLI Command

Reconcile a vipm.toml manifest from the dependencies discovered in a LabVIEW project scan. This enables a workflow where you maintain vipm.toml as the source of truth — sync from your .lvproj, then generate SBOMs from the manifest without needing LabVIEW on your build machine.

vipm sync --from MyProject.lvproj
vipm sync --from MyProject.lvproj --dry-run  # preview changes

See the vipm sync command reference for full options.

Lookup Package Metadata with vipm info CLI Command

Look up metadata for any VIPM or NI package — name, version, description, vendor, license, and installed files. Supports both VIPM packages and NI packages via the --nipm flag.

See the vipm info command reference for full options.

Search VIPM and NI Packages with vipm search CLI Command

vipm search now finds NI Package Manager (NIPM) packages alongside VIPM packages, with the same filter controls as other multi-PM commands. Both managers are included by default; use --vipm or --nipm to scope results to one, or --no-vipm / --no-nipm to exclude one.

See the vipm search command reference for full options.

NI Package (NIPM) Support in vipm.toml

VIPM Community

Manage NI Package Manager dependencies alongside VIPM packages in a single vipm.toml manifest. Declare NIPM feeds, production dependencies, and dev-dependencies in dedicated [nipm.*] sections. Add, remove, and lock NIPM packages using the familiar vipm add --nipm, vipm remove --nipm, and vipm lock commands.

  • [CLI] vipm sbom on .dragon files also supports both VIPM and NI Package Manager packages.

See the NI Packages (NIPM) guide for details.

Environment Variables (Applicable to CLI, CI/CD, and Containers)

New environment variables simplify headless and CI/CD automation:

  • VIPM_NONINTERACTIVE — full non-interactive mode (auto-confirm prompts + error on missing params); auto-enabled in CI environments
  • VIPM_ASSUME_YES — auto-confirm confirmation prompts only
  • VIPM_COMMUNITY_EDITION — activate Community Edition without interactive prompts
  • VIPM_TIMEOUT — override the default operation timeout
  • VIPM_DEBUG — enable verbose debug output
  • NO_COLOR — disable colored output
  • Automatic CI environment detection for GitHub Actions, GitLab CI, Jenkins, and 9 other CI systems — non-interactive mode activates automatically so commands never hang

See the Environment Variables reference for the full list.

Enhanced CI/CD Guides

Updated Docker and GitHub Actions guides with environment variable configuration, -y flag usage in examples, and SBOM generation workflow steps.

Cancel or Time-Bound Long-Running CLI Commands

Long-running operations in the vipm command-line interface (CLI) can now be interrupted cleanly with Ctrl+C across the CLI, and vipm sbom and vipm sync additionally support the --timeout flag — useful when a project scan is taking longer than expected, or to guarantee a CI job cannot hang indefinitely.

  • Ctrl+C handling (CLI). Pressing Ctrl+C cancels the in-flight CLI operation cleanly rather than leaving the command in an indeterminate state. In addition to vipm sbom and vipm sync, this now also covers vipm install, vipm cache update, and vipm refresh.
    • vipm uninstall and vipm build are also covered (vipm build requires VIPM Community or higher).
  • --timeout flag (CLI). Sets a maximum wall-clock duration; the CLI command exits with a non-zero code if it exceeds the limit. Works alongside the existing VIPM_TIMEOUT environment variable. Applies to vipm sbom and vipm sync.

Stricter Defaults for Project-Scanning CLI Commands

vipm sync and vipm sbom now fail by default when they detect conditions that would produce incomplete or misleading output. Both failure modes are opt-out with a dedicated flag and expose the same per-entry detail on stderr when the flag is set.

  • Missing referenced files. When a LabVIEW project references files that are not on disk, the command aborts with exit code 18 instead of printing a warning and returning success. Pass --allow-missing-files to restore the previous behavior — a warning listing each missing reference is printed to stderr, and the command proceeds with whatever could be scanned.
  • Installed-package drift (vipm sbom, vipm build). When installed packages disagree with the project's declared state in vipm.toml or vipm.lock, the command aborts with exit code 17. Pass --allow-package-drift to override — a warning listing the drifted packages is printed to stderr, and the command proceeds (the SBOM or build reflects installed versions).

Migration note for automation. Scripts that previously treated exit code 0 as "output produced successfully" may need to either add the appropriate --allow-* flag or fix the underlying condition (run vipm install to reconcile drift; fix the project's file references). See the updated vipm sbom and vipm sync references for full details.

More Reliable vipm.lock with Dev-Dependencies

vipm.lock now always reflects the full resolved dependency graph — both production and dev-dependencies — regardless of which --dev flags are passed. This matches the convention of other lock-file-based package managers (pip, poetry, npm, cargo) and ensures consistent installs across environments.

  • vipm install always preserves dev-dependencies in vipm.lock. Running vipm install without --dev no longer strips dev-dependencies from the lock file; the lock file remains complete.
  • vipm lock --dev and --no-dev flags removed. Since the lock file always includes dev-dependencies, these flags no longer have an effect and have been removed in this release. Remove them from any scripts that pass them. (vipm lock requires VIPM Community or higher.)

LabVIEW Version Selection

Selecting which LabVIEW version VIPM uses is now more flexible and predictable.

  • Workspace-local override (.vipm/config.toml). Drop a .vipm/config.toml next to your project's vipm.toml to set a different LabVIEW year and/or bitness for your local checkout only — without editing the team's vipm.toml and without retyping --labview-version on every command. Useful when you haven't installed the team-pinned LabVIEW year yet, when CI runners have different LabVIEW versions than developers, or when you're preparing a version bump. The file is per-developer; add .vipm/ to your repo's .gitignore. See Workspace-Local Configuration for the full guide.
  • Bitness preferences honored consistently. When you specify --labview-bitness on the command line or set the LabVIEW bitness in vipm.toml, that preference is now consistently respected when VIPM picks the LabVIEW version to use.

LabVIEW 2024 or Newer Required for Project Scans and Builds

Commands that scan or build LabVIEW projects now fail fast with exit code 20 (LABVIEW_VERSION_TOO_OLD) when the resolved LabVIEW target is older than 2024. Install or select LabVIEW 2024 or newer to resolve.

This applies to:

  • vipm sbom on .lvproj inputs
  • vipm sync project scans (--from <project>.lvproj)
  • vipm build on .lvproj and vipm.toml builds (.vipb builds are not affected)

The error reports which LabVIEW version was selected and where the selection came from (--labview-version, vipm.toml, the .lvproj file, or auto-detection), along with the other installed LabVIEW versions you can switch to. vipm.toml, .dragon, and .vipc SBOM inputs do not require LabVIEW and are not affected.

Previously, running these commands against an older LabVIEW target would block on an OS-level dialog asking for the LabVIEW 2024 Run-Time Engine — automation and CI jobs would hang indefinitely. The new behavior is a strict improvement: fail fast, with a clear error, instead of hanging.

See the updated vipm build, vipm sbom, and vipm sync references for command-specific details.

See LabVIEW Compatibility for the supported version range and version selection.

Run CLI Package Workflows with Less Manual Setup

The VIPM CLI now makes package workflows clearer when they need VIPM Desktop or LabVIEW in the background. CLI commands show progress while startup is happening and launch VIPM Desktop and LabVIEW automatically, when needed, which is especially helpful in containers (Docker) and CI/CD environments.

  • [CLI] Visible VIPM Desktop and LabVIEW startup in the console. CLI commands that use VIPM Desktop, such as vipm install, vipm uninstall, and vipm refresh, show progress while VIPM Desktop opens.
  • [CLI] More resilient interactive login. vipm login can continue even when the system keyring is unavailable (such as in containerized and CI/CD environments).

Automatic Progress Display in Interactive Terminals

Long-running CLI commands such as vipm install and vipm cache update now show progress automatically when run in an interactive terminal — no flag required. This is a behavior change from previous releases, where progress appeared only with --show-progress.

  • Auto-on in interactive terminals. Progress renders automatically for long-running commands; you no longer need --show-progress to see it.
  • Suppressed in non-interactive contexts. Progress is automatically turned off under --json, --quiet, VIPM_NONINTERACTIVE=1, detected CI environments, or when stderr is piped or redirected, so it never pollutes machine-readable output.
  • --show-progress is now a force-on override. Use it to force progress even where it would normally be suppressed (CI, VIPM_NONINTERACTIVE, non-TTY); in those non-terminal cases it falls back to periodic single-line updates. It does not override --json or --quiet.
  • --verbose no longer emits progress. It is diagnostic output only; if you previously used --verbose to watch download progress, rely on the automatic display or pass --show-progress.

Upgrading: scripts that scrape stderr should set VIPM_NONINTERACTIVE=1 (if not already) to keep progress off the parsed channel.

Discover Installed LabVIEW Versions from the CLI

Professional Edition users can try the experimental vipm labview list command on Windows to list LabVIEW installations from the command line. This helps automation and troubleshooting scripts inspect which LabVIEW versions are available without opening VIPM Desktop.

  • Preview scope. vipm labview list is marked Experimental and requires Professional Edition while the cross-platform behavior is still being stabilized.

Refresh the VIPM and NIPM Package Lists/Caches from the CLI

vipm refresh is now the single, explicit way to update package information before running another command, with finer control over scope and clearer feedback when something goes wrong.

  • Explicit refresh, not a hidden flag. vipm refresh is the documented way to refresh package indexes before another command; the former global --refresh flag has been removed, and stale-index error hints now point to vipm refresh.
  • Scoped, faster refreshes. Target a single package manager with --vipm or --nipm to update just the indexes you need.
  • Up-to-date package lists. vipm refresh updates the CLI package cache before refreshing VIPM Desktop's package list, reducing stale results, and shows progress in interactive terminals.
  • Actionable, quieter output. When a package spec fails to download, vipm refresh reports an actionable error; full per-spec failure detail appears only with --verbose, keeping default output quiet.

Additional improvements

  • [CLI] LabVIEW project scans run faster on large projects, so vipm sync and vipm sbom complete more quickly on sizeable .lvproj files.
  • [CLI] vipm search, vipm build, and vipm sbom reliably find and use the active vipm.toml up the CWD parent directories.
  • [CLI] Now shows activation expiration in vipm about.
  • [CLI] Passing --vipm or --nipm to a command that doesn't accept them now produces a clear, consistent error.
  • [CLI] A non-VIPM TOML file named vipm.toml is now rejected with a clear error rather than partially parsed.
  • [CLI] vipm.lock package ordering is now stable across machines and platforms, so vipm lock no longer produces spurious diffs.
  • [CLI] vipm install now displays the correctly resolved LabVIEW version name instead of a raw version identifier.
  • [CLI] vipm install failures now surface the underlying error output, making container/headless CI/CD troubleshooting easier.
  • [CLI] vipm uninstall is now available in Free Edition, matching vipm install — previously, removing packages from the command line required a higher edition.

Need Help?