CodeQL documentation

pack install


codeql pack install [--force] <options>... [--] <dir>


[Experimental] Install dependencies for this qlpack.

Dependencies are resolved based on the --mode option.



The root directory of the package.


Accept a GitHub Apps token or personal access token via standard input.

This overrides the GITHUB_TOKEN environment variable.


Select output format. Choices include text (default) and json.


Specifies the specific behavior of this run of resolve dependencies.

[Default] use-lock: Use the existing qlpack.lock.yml file to resolve dependencies, or create the lock file if it does not exist.

verify: Verify that the existing qlpack.lock.yml is still valid with respect to the dependencies specified in the qlpack.yml file, or fail the lock file if it does not exist.

update: Update or create the qlpack.lock.yml based on the existing contents of the qlpack.yml file. Any existing qlpack.lock.yml will be recreated.

no-lock: Ignore the existing qlpack.lock.yml and perform resolution based on qlpack.yml file. Does not create or update the lock file.

-f, --[no-]force

Allow overwriting already existing packs.

Common options

-h, --help

Show this help text.


[Advanced] Give option to the JVM running the command.

(Beware that options containing spaces will not be handled correctly.)

-v, --verbose

Incrementally increase the number of progress messages printed.

-q, --quiet

Incrementally decrease the number of progress messages printed.


[Advanced] Explicitly set the verbosity level to one of errors, warnings, progress, progress+, progress++, progress+++. Overrides -v and -q.


[Advanced] Write detailed logs to one or more files in the given directory, with generated names that include timestamps and the name of the running subcommand.

(To write a log file with a name you have full control over, instead give --log-to-stderr and redirect stderr as desired.)

  • © GitHub, Inc.
  • Terms
  • Privacy