Homebrew tightens tap security, begins work on its interface

Anyone who installs software through a third-party Homebrew tap runs Ruby code written by people outside the project, and that code runs without a sandbox. That risk sits at the center of Homebrew 6.0.0.


Tap trust

Homebrew now requires a tap, along with any tap-qualified formula or cask, to be trusted before its code is evaluated or run. The official Homebrew taps stay trusted by default. The brew tap command gains options for managing trust and can trust a tap by its remote URL, and brew tap-info reports a trusted field. The brew bundle command honors a trusted option, and brew bundle dump records trusted entries.

Sandboxing and security fixes

A Bubblewrap sandbox arrives on Linux and aligns it with macOS, where build, test, and postinstall phases already run inside a sandbox. The Linux sandbox is enabled by default for developers. Homebrew published three security advisories with this release. One covered a POST download strategy that bypassed HTTPS-to-HTTP redirect protection. Another covered root code execution through Git hooks in the macOS package postinstall step. The third covered a macOS installer that trusted a user-controlled plist in /var/tmp and could assign Homebrew ownership to a local attacker. Each received a fix.

An official interface

BrewUI is an official graphical interface for Homebrew. It remains under development, with general availability still ahead.

“Various people over the years have requested and built various Homebrew GUIs. We looked around to see if there were any that were open source, well maintained and met all the requirements we were looking for and didn’t find any so built one ourselves. It’s probably aimed a little more at newcomers than experienced Homebrew users but it is being designed to be suitable and usable for both,” Mike McQuaid, Homebrew Project Leader, told Help Net Security.

Performance and defaults

The internal JSON API becomes the default. It combines Homebrew’s metadata into a single, smaller download, so updates run faster and contact the network less often. The API had been opt-in through an environment variable since 5.0.0, and that variable is now deprecated. Startup gained several tweaks, brew leaves runs about 30 percent faster, and bottle tab fetching happens in parallel during upgrades.

Results from a Homebrew user survey led to ask mode becoming the default for developers, so brew install and brew upgrade show a dependency summary and a confirmation prompt before changing anything. The brew bundle command can install formulae in parallel and runs jobs automatically by default, with added support for npm, krew, and Windows winget.

macOS 27 and the Intel timeline

Homebrew adds initial support for macOS 27, named Golden Gate. That release drops Intel support. In September 2026, macOS Intel x86_64 moves to Tier 3, with no continuous integration and no new binary packages. In September 2027, macOS Intel x86_64 becomes unsupported, and the related code will be removed.
