Is Homebrew safe? Should I use it?

ThatNerd · August 20, 2020, 12:32am

I’m a complete command-line noob so… yeah. Please help.

JohnAtl · August 20, 2020, 12:35am

I’ve been using it for years without any problems.

I like it better than MacPorts, as MacPorts requires root access, which gives it god-like powers. It also broke some things for me, so I stopped using it.

tjluoma · August 20, 2020, 2:41am

That’s true of the Terminal in general, but nothing particularly dangerous about Homebrew.

gposcidonio · August 20, 2020, 3:08am

@tjluoma has the right of it. Software is largely the same whether you install it from the command line or the Mac App Store. Homebrew as a distribution mechanism is perfectly safe and open source.

However anyone can ask you to brew install something. Only do so if you trust the software itself or if you trust the person telling you to install the software.

The intuition is similar as if you might be averse to install software from google if you don’t trust google.

wweber · August 21, 2020, 12:13am

Outside of the Mac App Store and Setapp, Homebrew is my package manager of choice. There’s something about being able to download and install a bunch of stuff with one command. That, and my downloads folder isn’t full of installers.

ThatNerd · September 7, 2020, 12:18am

Thanks for all the replies. I was just concerned after seeing articles like this:

Thoughts?

vco1 · September 7, 2020, 5:55am

Yes. That the article is (over) 2 years old.

ThatNerd · September 7, 2020, 4:58pm

I’m not talking about a specific issue here. Obviously that issue was found and closed a long time ago.

What’s the likelihood of that happening again?

dfay · September 7, 2020, 5:15pm

Another q. to ask is how many and what packages you actually need? You can always install them separately.

Or use MacPorts (see https://saagarjha.com/blog/2019/04/26/thoughts-on-macos-package-managers/ )

vco1 · September 7, 2020, 6:12pm

Same likelihood as someone finding a vulnerability in any other software around. Hardly any software these days is without issues.
Question too is how likely it will be that someone takes advantage of a software issue on your computer. And what damage they can cause if they do. Risk = Likelihood x Impact.

JKoopmans · April 4, 2021, 9:13am

You can do that without the command line as well if you don’t know what you are doing

To answer the question: since homebrew rarely needs elevated rights I’d consider it relatively safe.
As a package manager it’s the best I’ve used.

The terminal can look scary, but just take one step at a time and you’ll get there.
Homebrew does take a bit fiddling around every now and then, always carefully read the error messages and you’ll probably be allright.
And if you’re in trouble: there’s usually someone else that has the same issue and posts the solution on stackexchange.