Today, I’m proud to announce Homebrew 6.0.0. The most significant changes since 5.1.0 are a new tap trust security mechanism, the new faster, smaller, default internal Homebrew JSON API, sandboxing on Linux, better defaults informed by our user survey, many brew bundle improvements, improved performance and initial support for macOS 27 (Golden Gate).
✨ Highlights since 5.1.0
🔐 Tap trust
Homebrew 6.0.0 introduces tap trust. A third-party tap can contain arbitrary, unsandboxed Ruby that runs on your machine, so Homebrew now requires taps (and tap-qualified formulae and casks) to be explicitly trusted before their code is evaluated or run. This reduces the risk from malicious or compromised taps while leaving the official Homebrew taps trusted by default. See the new Tap-Trust documentation for details.
Homebrew enforces initial tap trust so untrusted taps are flagged before their code runs, trusts qualified tap items before install, stops auto-tapping untrusted taps, pins tap allow, forbid and trust lists to remotes and uses tap trust when evaluating all formulae and casks.
brew tap gains commands for managing tap trust, can trust a tap by its remote URL, brew trust adds a –json=v1 flag and brew tap-info adds a trusted field.
brew bundle honours the trusted: option and brew bundle dump records trusted bundle entries, marking custom-remote taps as trusted.
docs.brew.sh has new pages, including Tap-Trust, explaining Homebrew’s new tap trust model, and Homebrew trusts taps in test-bot.
⚡ Default internal JSON API
The internal JSON API is now the default, advancing the smaller API that Homebrew re-enabled and turned on for developers recently. It combines all Homebrew’s metadata into a single download, so brew updates faster and talks to the network less. It was opt-in via HOMEBREW_USE_INTERNAL_API since 5.0.0; that variable is now deprecated (see below).
🐧 Linux sandbox
The Linux Bubblewrap sandbox aligns Linux with macOS, where build, test and postinstall phases already run sandboxed. It is on by default for developers, Homebrew moved its macOS sandbox logic to share code, improved Linux sandbox behaviour (with Homebrew/homebrew-core setting the sandbox env in CI), hardened sandboxed install phases, sandboxed cask executable hooks, allowed logs in the build sandbox, installed Bubblewrap on hosted Ubuntu and skips sandbox setup for syntax-only jobs.
⚙️ Better defaults
Following our Homebrew user survey, we have made many changes based on the results. The most notable is making ask mode the default for developers, so brew install and brew upgrade show a dependency summary and confirmation prompt before making changes.
Homebrew adds ask dependency plans and cask support, accepts one-key ask confirmations and aligns ask dry-run prompts.
Homebrew fetches ask upgrades together, prints the ask upgrade summary sooner, skips the upgrade ask prompt when empty, adds a final brew upgrade summary and explains the upgrade metadata fetch.
📦 brew bundle
brew bundle gains many improvements, most notably parallel formula installation that now runs jobs automatically by default, plus npm and krew extensions, wider cleanup support and, on Windows, winget support.
Homebrew adds cleanup support to npm, cargo, go and uv extensions and asks before removing during cleanup.
Homebrew runs brew bundle krew via kubectl-krew directly, respects CARGO_HOME and friends for cargo, adds a –describe flag to brew bundle add and tries mas install before falling back to mas get.
Homebrew adds bundle type disable flags, improves check guidance and checks formula link status.
Homebrew serialises formula locks, makes non-core DSLs a single file, removes description comments from brew bundle/remover and avoids parsing the output of brew services list.
brew bundle performs npm installs more securely.
🏎️ Performance
Homebrew is faster across the board, with startup performance tweaks, a ~30% faster brew leaves, parallelised bottle tab fetching on upgrade and less work loading Ruby libraries at startup.
🍎 macOS 27 (Golden Gate)
Homebrew adds initial support for macOS 27 (Golden Gate).
🔮 Upcoming changes
macOS 27 (Golden Gate) drops Intel support, so per our Support Tiers: in September 2026, macOS Intel x86_64 moves to Tier 3 with no CI support and no new bottles (binary packages) built for macOS Intel; in September 2027, macOS Intel x86_64 will be unsupported entirely and all related code deleted.
The master to main migration begun in 4.6.0 continues: more repositories no longer update master, GitHub Actions warn @master users to migrate to @main and the sync-default-branches workflows are removed from Homebrew/homebrew-cask and Homebrew/homebrew-core.
Casks that fail macOS Gatekeeper checks, deprecated in 5.0.0, remain on track to be disabled in September 2026.
🔒 Security
🚨 Security advisories
Homebrew published three security advisories:
The POST download strategy bypassed the documented HTTPS-to-HTTP redirect protection by discarding the resolved URL (GHSA-7699-qf8c-q47m), fixed by enforcing secure redirects.
Root code execution was possible via Git hooks in the macOS .pkg postinstall (GHSA-6689-q779-c33m), fixed by cleaning Homebrew git state and replacing the installer git directory.
The macOS installer package trusted a user-controlled /var/tmp plist and could assign Homebrew ownership to a local attacker (GHSA-59v8-x8q4-px5c), fixed by tweaking the macOS .pkg package-user plist handling.
🛡️ Other security improvements
Homebrew filters sensitive environment variables during Ruby evaluations and defers HOMEBREW_* environment secrets to download time.
Homebrew runs forbidden checks for casks and formulae before download and lets you require checksums for casks with HOMEBREW_CASK_OPTS_REQUIRE_SHA.
Homebrew links to a shared security policy.
🗑️ Deprecations
Homebrew deprecates default opt-ins.
Homebrew deprecates now-default bundle and internal API environment variables such as HOMEBREW_BUNDLE_NO_SECRETS and HOMEBREW_USE_INTERNAL_API.
Homebrew marks unused options for deprecation.
Various other Homebrew 6.0.0 deprecations.
Homebrew’s SBOM support is now opt-in with HOMEBREW_SBOM.
🎁 Features
🖥️ Casks
Homebrew can pin casks and supports casks in brew missing.
Homebrew adds AppImage support for Linux and implements a Linux freedesktop trash for casks.
Homebrew improves cask upgrades by sharing upgrade download queues, moving upgrade summaries before fetch, adding a quit opt-out and reopening closed apps during upgrade.
Homebrew improves auto_updates casks: improving how they update, refining the behaviour further, gating auto-updates behind opt-in and upgrading them when the bundle version is stale.
cask adds a generate_completions_from_executable DSL artifact and includes resolved artifact targets in JSON output.
Homebrew shows a cask version transition in per-cask upgrade output, skips valid cached cask fetches, speeds up cask backup copies and has caskroom use the user’s primary group on Linux.
brew doctor and brew cleanup handle corrupt Caskroom directories.
💻 Operating system support
Homebrew makes Linux cask requirements explicit, aligns cask macOS dependencies, supports bare depends_on :macos in casks, tracks macOS support explicitly and emits Linux variations for casks with Linux checksums.
Homebrew adds a maximum macOS for cask dependencies. Homebrew/homebrew-cask adopts the new depends_on maximum_macos: syntax and fixes its macOS dependencies in Homebrew/homebrew-cask and Homebrew/homebrew-core.
Homebrew adds M5 and M5 Pro/Max CPU recognition and caps the OCLP tier when macOS is outdated.
Homebrew labels WSL analytics, shows the Windows build on WSL in brew config and moves the wsl? boolean from OS::Linux up to the OS module.
🚰 Taps
Homebrew recognises more equivalent tap remote forms, ignoring a .git suffix when matching GitHub remotes and consolidating tap remote normalisation. (and more)
Homebrew handles formulae and casks more uniformly across commands, installs explicitly requested taps and stops implicit tap installation.
Homebrew uses worktrees for local core taps and blocks worktree updates.
Homebrew shares full-name parsing helpers and uses full-name helpers for split names.
ℹ️ brew info and brew tap-info
brew info output is clearer: more consistent and helpful, with a Binaries section listing executables, a clearer recursive runtime dependencies line, clearer same-named conflicts and shadowed formulae and a list versions JSON output.
brew info shows installed state better: the upgrade target for outdated @-versioned formulae, installed dependents with –verbose, deprecated and disabled packages in install status, installed formulae resolved from the receipt’s tap with a shadowing warning, the installed version and an upgrade hint on the headline, other installed versions and an installed info inventory.
brew info and brew tap-info skip the uninstalled marker when not a problem, show more tap info for packages and brew tap-info lists formulae and casks.
brew which-formula shows install status and Homebrew shows quarantine script usage.
🆕 New commands, flags and output
brew exec is a new command, like npx, that supports formulae environments.
brew as-console-user is a new command for running Homebrew as the right user under MDM/root environments and brew update <formula> is aliased to upgrade.
Homebrew tidies help and completions: omitting aliases from completions, hiding HOMEBREW_CASK_OPTS_* from help, hiding maintainer commands and hiding hide_from_man_page commands from brew commands.
Homebrew avoids install warning annotations and warns when formula executables are shadowed on PATH.
🧊 Cooldowns, livecheck and bumping
Homebrew adds download cooldowns for Bundler, RubyGems livecheck, npm and pip defaults, PyPI resource resolution and npm and PyPI in bump to avoid upstream supply-side security risks.
Homebrew prints bump skip status, messages and errors and checks RubyGems licences.
Homebrew respects livecheck throttle days in audit, adds livecheck throttling by days and speeds up the formula throttle days check.
⬇️ Downloads and fetching
brew fetch –all-platforms fetches every variant, Homebrew prints download error details when using concurrency, preserves partial downloads on network errors, avoids cached manifest downloads and hints when a download is HTML, not a binary.
Homebrew avoids redundant Caskroom chgrp.
🛎️ Services
Homebrew starts systemd timers for services, creates service path directories automatically (with Homebrew/homebrew-core adopting the new service path creation logic) and audits redundant service path setup.
brew services no longer fails to load with –sudo-service-user.
🧪 Formulae and packaging
Homebrew adds the VCS revision as scm_revision in the tab, supports in-repository patch files, supports CPS metadata directories and includes patches in formula to_hash.
Homebrew respects installed dependents during autoremove and cross-checks autoremove candidates against formula definitions.
🪜 Install steps framework
The install steps framework expresses common postinstall, preflight and postflight behaviour as ordered, literal-only DSL data that is exposed through the JSON APIs. Where a formula or cask only does simple file preparation, it no longer needs to download and evaluate a Ruby file at install time. Homebrew adds formula install steps, cask install steps, an audit for formula install steps, install step rebuild actions, rebuild step methods, rebuild step RuboCop checks and an audit of cask flight step conversions; homebrew/core and homebrew/cask adopt the new DSLs (post_install_steps, postinstall and flight steps). In homebrew/core and homebrew/cask this covers a large share of post_install and *flight blocks (creating directories, touching markers, moving and symlinking files), with more operation types planned.
🔀 Other changes
brew vulns is a new Homebrew tap and subcommand that checks installed packages for known vulnerabilities 🔒.
Homebrew warns for Nix-managed Homebrew.
🧹 Internals, typing and refactors
Homebrew replaces brew which-update, uses an AST for source rewrites and enforces public API visibility and docs.
Homebrew reworks command parsing: parser subcommand scaffolding, converting the bundle, services and remaining subcommands, scoping subcommand option constraints and usage help, and no longer restricting global options to subcommands.
Homebrew limits Sorbet runtime defaults and limits recursive Sorbet in test-bot.
🛠️ Continuous integration and developer tooling
The Ubuntu 24.04 CI migration flagged in 5.1.0 for 6.0.0 has now landed, raising the Linux baseline.