alt Hacker NewsShow HN: Homebrew 6.0.0
Today, I’m proud to announce Homebrew 6.0.0. The most significant changes since 5.1.0 are a new tap trust security mechanism, the new faster, smaller, default internal Homebrew JSON API, sandboxing on Linux, better defaults informed by our user survey, many brew bundle improvements, improved performance and initial support for macOS 27 (Golden Gate).
Happy to discuss any questions here!
Comments
I have switched my full OS-level dev env to https://mise.jdx.dev/ from Homebrew+pipx+npm, initially as an experiment but found out that it actually works amazingly well. Many things get installed directly from GitHub releases or a corresponding package manager (uv, pnpm, go get ...), zero glue code to "repackage", zero version lag. You can install any arbitrary version of a package, even multiple ones at once, and dynamically adjust which ones are active per working folder or explicitly through environments.
Funnily Mise does not support dependencies, and I was quite surprised that it mostly doesn't matter, as either pnpm/uv handles that, or it's a static binary that just works. In the past, had the unfortunate experience of packaging a Python application for Homebrew (the ridiculous process involved importing around 50 dependencies as "resources", building every single one from source or manually checking if it's already on Homebrew, declaring build toolchains for 5 different programming languages as dependencies, waiting over an hour for CI to finish on every update, then an upstream update introduced a "build-time dependency loop" and the project suddenly became unpackable for Homebrew) so I totally get why Mise took the "easy way out" and just relies on language-specific package managers directly.
Only thing from my Brewfile that I couldn't replace was the Docker CLI (needed to interact with Colima). And I still use Homebrew for casks. I encourage others to experiment with their dev setups, there are some amazing new tools out there.
Thanks for all the hard work.
We are not many [1], but Homebrew has been a great way to quickly bootstrap an environment in immutable Linux distributions.
Note that certain operating systems such as Universal Blue's Bazzite (1.28%), Bluefin (0.49%) and Aurora (0.28%) default to bundling Homebrew [2].
I was so impressed with Homebrew, I've added a formula for far2l-tty.
Thanks for your job!
I recently switched back to Homebrew from Nix, and the three big factors in that switch are:
- Brew seems to have better support for the packages it has, compared to Nix where it seems a percentage of packages are not as well maintained,
- Better Mac support; some Nix packages have features disabled on macOS, I think just because the maintainers of this packages don’t have a Mac for testing,
- Better UX.
Obviously I miss the reproducibility of Nix environments and the ability to easily create my own flakes with specific packages, but on the balance, Brew has won me back. (I still like Nix, and FWIW we use Nix at work.)
Thanks for the update. Is there any chance we can get some kind of cooldown mechanism in Homebrew?
The only people I want to trust to quickly ship new code to my machine are Apple and my browser (which handles more untrusted input than anything else).
For everything else (vscode and its extensions, npm, homebrew, and all the apps that self-update), I prefer to err on the side of waiting a few days.
Some exceptional 0days might warrant a cooldown bypass, but even in its current form users are vulnerable to 0days until they run brew upgrade.
The deprecation of Intel support is agressive! Every Mac enthusiast I know who uses a Mac as a server uses their old machines, which are pretty much all Intel. We'll lose support from you guys a year before Apple!
I know supporting Intel is an ordeal and a choice, but I'm firmly on the camp that Homebrew should find a way to maintain Intel support as long as possible.
Thank you for your work on Homebrew, I use it every day. On the matter of speed and parallel downloads, how does this release compare to Zerobrew [0]?
On another note, to commenters here, I've been using brew bundle with the Brewfile more and more these days as a declarative list of all user packages installed, should I just move to Mise or Nix instead? What are the benefits and drawbacks? Last time I used Nix on my MacBook a few years ago it seemed to brick my whole system so not sure what that was about.
Is Homebrew still tied to GitHub or has there been any move to provide redundancy across multiple providers?
Also coming from what I consider traditional package managers such as apt, rpm, emerge, pkg, etc. I am still confused on cans, taps, kegs, formulas, etc. Does anyone have a good and concise guide to what all these features are?
Shoutout to all the people making Homebrew possible! You rock! Everyone should consider donating to the project: https://opencollective.com/homebrew
Homebrew 6.0.0 seems to be the first major version of brew that is heavily written using AI. There’s new document at https://docs.brew.sh/Responsible-AI-Usage that was added 11 hours ago. Do you think that these guidelines have been followed consistently since 5.0.0?
Thank you. It is just funny and interesting to note people seeing Homebrew as their choice of default package manager on linux! It shows that people clearly care about the technically better solution which has a very good UX over the native choices that linux distros made over years, be it apt or yum or something else.
I install homebrew as a first thing on my corporate amazon linux too as many system packages are lacking, and I couldn't get neovim in a different way.
I love using Homebrew but I wish there was more support for pinning. I recently setup a new remote VM and tried to use a Brewfile for my setup. Turns out I cannot pin Neovim and so had to force upgrade my setup to 0.12.
Forced upgrades are not nice.
Well, I might as well ask my tech support question here :)
I just ran the upgrade to 6.0.0, and it downloaded so many things concurrently that it killed my wifi (old router). Is there a way to cap bandwidth or maximum concurrent connections? (this is something I have to do in many download heavy apps, e.g., steam)
Is it true that contributors to homebrew need to know how to invert a binary tree?
> The master to main migration begun in 4.6.0 continues: more repositories no longer update master, GitHub Actions warn @master users to migrate to @main and the sync-default-branches workflows are removed
Speaking of important things.
How do you square advocating for the "Open Source Resistance" which touts "stop asking for permission" to do software and then saying "we need everything on MacOS to be signed and will be dropping packages that don't get Apple's permission"?
I'd consider donating, but I find that behavior to be part of squeezing free computing and participating in and advocating for the corporate erosion of ownership of one's hardware environment.
Homebrew is so good that I use it on Linux whenever possible.
Most Linux package managers cannot separate user-installed packages from system packages. This makes cleaning up your workstation nearly impossible and a pain in the ass, since you can't tell what should be removed, or more importantly, what can be removed.
Also, most native package managers update much slower than Homebrew, meaning you often only get outdated packages.
Awesome! Thank you for the update.
I noticed that homebrew updated _all_ my casks when running 'brew upgrade' (even those with "auto_updates: true" in their Cask JSON API).
Is this intended, new default behavior? This did not use to happen...
Does anyone know of a good comparison of the process to add a package to the system? I've used multiples of these sorts of user-land package managers and always find tools that aren't in the repositories that I have to install manually. It'd be great to just add these tools to an existing package manager but I've never seen this aspect of these package managers compared.
I used OSX for about a year about 10 years ago. Homebrew was what made it worth using OSX. Thanks for all the effort put into homebrew.
I'd use it today on Linux, but I'm pretty anal about only using software from the distribution repos (or compiled locally if not available.)
Homebrew is the first thing I install on a new Mac. I love it. Thank you everyone for all the work. Looking forward to 6.0 and all the security stuff yay. I hope the apps I use that their maintainers adopt the changes.
Just want to thank you, Mike. I love Homebrew and wouldn't know what to do without it. My company sponsor's the project on github and I recommend that everyone consider helping out.
For those of us who use homebrew today, how do we get the new cool benefits ? Is there a command to upgrade (like ```brew upgrade```) everything to the new hotness, do we need to uninstall everything and reinstall ?
It's probably discussed somewhere but didn't find when glancing at the OP.
Congrats on the performance improvements. That's the most pleasant `brew upgrade` session I've had in years
Thanks for your hard work!
I discovered Homebrew now sometimes asks whether I actually want to install a formula (e.g. `brew install ffmpeg` asks whether I want to install it because it has dependencies). Is there a way to disable this behavior and revert to the previous one?
Is there a way to `brew trust` inside my Brewfile? That'd be nice for the handful of formulas I install from github repos via `brew bundle --global`.
Interesting that the `brew-rs` experiment has concluded and didn't find much of a performance increase. I suppose that is expected though with a lot of the bottleneck being network IO?
Thanks for all the work you put into this over the years. Homebrew became my go-to solution for installing software on my Macs (after MacPorts) and I just realized that someone has been doing all that work for me for so long. Much appreciated!
Could really use a good rollback mechanism, is there one in the works perchance? I have broken my home server multiple times with bad InfluxDB and Grafana updates, and rollback was a huge pain. I’ve now disabled cleanup so old versions of packages are kept, but there must be a better way.
I will try this new release of brew but I have been extremely satisfied with determinate nix so far. It completely changed my confidence in installing new stuff
Thanks for producing such an amazing piece of software. Most of my Mac installations are based on Homebrew, but I have to rely on version management tools like Pyenv or nvm for Python and Node. Wish there was some standard 'Homebrew' way to install multiple versions of node, php and Python
Brew is so good... just sponsored on github. Thanks for the hard work!
I know this runs on Linux too. As a Linux user, I'm unclear on why I might use this instead of apt or dnf, for example. Any Linux users out there have experience with both Homebrew and one of these?
Such an amazing project!
Is the eventual goal to move most formula/cask behavior into declarative install steps and treat Ruby as an escape hatch?
I assume this trust issue is related to the not-infrequent MacOS notifications asking for permission to run Ruby in the background or when the machine starts. It says nothing about Homebrew though.
Dependency management is still one of the hardest jobs in systems (languages, Operating systems, distributed applications, etc) - hat's off to you and your team for the hard work keeping everything together
damn, I can't believe, it's still getting updates. found out homebrew 6 months ago, I'm awe! amazing product
Does Homebrew have good support for exact (and older) versions of packages now?
I don't understand how the tap trust improves security at all. If I'm installing something from a third-party tap, instead of running tap + install, I now run tap + trust + install? How does this protect me against compromised taps?
Thanks for the hardwork.
Does this handle macOS installs with multiple local users? I have to su into account 1 if I want to brew install something from account 2
Hell yeah, tap trust!!!
Has anyone tried it on Linux? It has been several months since I last tried it on Linux. I found some things worked but others did not. Has anyone more recent experiences here, say, within the last 6 months, on Linux specifically?
I am using my own custom "package" manager in ruby, but naturally it is nowhere near as sophisticated as homebrew. I am looking more towards complementing this, but these days I also lack time for more thorough testing, so I try to minimize pain points (and thus also less frequently use software written by others for the most part, unless it is a key project such as libreoffice and what not).
I tried hosting a homebrew tap, after hosting apt and yum repositories.
That was when I realized Homebrew is much, much harder.
Your server needs to implement the git protocol. You can't just stick it on some server with a CDN in front of it, you need to run and fortify a git server.
Strange choices IMHO.
homebrew is so nice, thank you for all your effort
Thank you!!
Hi Mike, I’m @bfontaine on GitHub (I helped maintain Homebrew in ~2014-2016). I’m always impressed at your longevity as a maintainer; it’s been like what, 16+ years you’ve been maintaining Homebrew and you’re still here, still shipping new features! Thank you for everything!