opencode

by SSTv1.17.4

Last updated Jun 12, 2026

The AI coding agent built for the terminal.

Install with winget

$ winget install --id SST.opencode --exact --version 1.17.4

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

opencode is an AI coding agent built for the terminal. It features:

- A responsive, native, themeable terminal UI.

- Automatically loads the right LSPs, so the LLMs make fewer mistakes.

- Have multiple agents working in parallel on the same project.

- Create shareable links to any session for reference or to debug.

- Log in with Anthropic to use your Claude Pro or Claude Max account.

- Supports 75+ LLM providers through Models.dev, including local models.

Installers · v1.17.4

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct
arm64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

high8.8Patched in wingetCVE-2026-40068affects before 2.1.84May 5, 2026
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted,...
Vendor advisory
critical10.0Fix in v2.1.64CVE-2026-39861affects before 2.1.64Apr 20, 2026
Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed proc...
Vendor advisory
high7.3Fix in v2.1.75CVE-2026-35603affects before 2.1.75Apr 17, 2026
Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData dire...
Vendor advisory
critical9.8Fix availableCVE-2026-35022affects <=2.1.91Apr 6, 2026
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without input validation. Attackers who can influence authentication settings can injec...
high7.8Fix availableCVE-2026-35021affects <=2.1.91Apr 6, 2026
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $() or bac...
high8.4Fix availableCVE-2026-35020affects <=2.1.91Apr 6, 2026
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can in...
high8.8Fix in v2.1.53CVE-2026-33068affects before 2.1.53Mar 19, 2026
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
Vendor advisory
critical10.0Fix in v2.1.2CVE-2026-25725affects before 2.1.2Feb 6, 2026
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/s...

Showing 8 of 25. Source: NVD, updated just now. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

ClaudeAnthropic, PBC
Anthropic.Claudev1.12603.1
Your AI partner on desktop. Fast, focused, and designed for deep work.
C
Codex CLIOpenAI, Inc.
OpenAI.Codexv0.139.0
Codex CLI is an open‑source local coding agent that runs in your terminal, letting you write, edit, and understand code without leaving the command line.
Notepad++Notepad++ Team
Notepad++.Notepad++v8.9.6.4
Notepad++ is a free source code editor that supports several languages.
Claude CodeAnthropic PBC
Anthropic.ClaudeCodev2.1.175
Unleash Claude’s raw power directly in your terminal. Search million-line codebases instantly. Turn hours-long workflows into a single command. Your tools. Your workflow. Your codebase, evolving at thought speed.
AntigravityGoogle
Google.Antigravityv2.0.11
Experience liftoffwith the next-gen agent platform
Qwenqwen.ai
Alibaba.Qwenv1.0.3
Chat about email, screenshots, files, and anything on your screen.

More from SST or browse ai, code, coding.

Frequently asked questions

How do I install opencode on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id SST.opencode --exact --version 1.17.4. winget downloads the installer from SST and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install opencode silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id SST.opencode --exact 1.17.4 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall opencode via winget?

Run: winget uninstall --id SST.opencode --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from opencode's Apps & Features entry.

Is opencode free?

opencode is distributed under MIT. Refer to the publisher (https://opencode.ai/) for the full license terms - Wingetly itself does not charge for installation.

Does opencode work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls opencode directly from the publisher.

How do I keep opencode up to date?

Run winget upgrade --id SST.opencode --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of opencode from microsoft/winget-pkgs.

Recent versions

1.17.4latest
1.17.3
1.17.2
1.17.1
1.17.0
1.16.2
1.16.0
1.15.13
1.15.12
1.15.11