Homebrew 6.0.0
6 hours ago
- #Package Manager
- #Security
- #Homebrew
- Homebrew 6.0.0 introduces a tap trust security mechanism to reduce risks from malicious or compromised taps.
- New faster, smaller default internal Homebrew JSON API improves performance.
- Linux sandboxing aligns Linux with macOS for enhanced security.
- Better defaults include 'ask' mode for developers and dependency summaries.
- brew bundle improvements include parallel formula installation and npm/krew support.
- Performance enhancements: faster startup, brew leaves ~30% faster, parallel bottle fetching.
- Initial support for macOS 27 (Golden Gate) added.
- Security advisories addressed: POST download strategy bypass, root code execution via Git hooks, macOS installer package vulnerability.
- Deprecations: default opt-ins, bundle/internal API environment variables, unused options.
- New features: brew exec command, brew as-console-user command, improved brew info output.
- Download cooldowns added for Bundler, RubyGems livecheck to avoid upstream supply-side security risks.
- Services: systemd timers, automatic service path directories.
- Install steps framework simplifies postinstall, preflight, postflight behavior as DSL data.
- Homebrew is a non-profit project run by volunteers; donations support development.
- BrewUI is an upcoming graphical interface; the brew-rs experiment has concluded.
- Homebrew expands to Windows with winget support in brew bundle.
- Supply chain security improvements: sandboxing, environment filtering, cooldowns.
- Documentation updates: tap trust, supply chain security, responsible AI usage.