6.0.0

▲ 1481 points 362 comments by mikemcquaid 2w ago HN discussion ↗

Today, I’m proud to announce Homebrew 6.0.0. The most significant changes since 5.1.0 are a new tap trust security mechanism, the new faster, smaller, default internal Homebrew JSON API, sandboxing on Linux, better defaults informed by our user survey, many brew bundle improvements, improved performance and initial support for macOS 27 (Golden Gate).

✨ Highlights since 5.1.0

🔐 Tap trust

Homebrew 6.0.0 introduces tap trust. A third-party tap can contain arbitrary, unsandboxed Ruby that runs on your machine, so Homebrew now requires taps (and tap-qualified formulae and casks) to be explicitly trusted before their code is evaluated or run. This reduces the risk from malicious or compromised taps while leaving the official Homebrew taps trusted by default. See the new Tap-Trust documentation for details.

Homebrew enforces initial tap trust so untrusted taps are flagged before their code runs, trusts qualified tap items before install, stops auto-tapping untrusted taps, pins tap allow, forbid and trust lists to remotes and uses tap trust when evaluating all formulae and casks. brew tap gains commands for managing tap trust, can trust a tap by its remote URL, brew trust adds a --json=v1 flag and brew tap-info adds a trusted field. brew bundle honours the trusted: option and brew bundle dump records trusted bundle entries, marking custom-remote taps as trusted. docs.brew.sh has new pages, including Tap-Trust, explaining Homebrew’s new tap trust model, and Homebrew trusts taps in test-bot.

⚡ Default internal JSON API

The internal JSON API is now the default, advancing the smaller API that Homebrew re-enabled and turned on for developers recently. It combines all Homebrew’s metadata into a single download, so brew updates faster and talks to the network less. It was opt-in via HOMEBREW_USE_INTERNAL_API since 5.0.0; that variable is now deprecated (see below).

🐧 Linux sandbox

The Linux Bubblewrap sandbox aligns Linux with macOS, where build, test and postinstall phases already run sandboxed. It is on by default for developers. Homebrew moved its macOS sandbox logic to share code, improved Linux sandbox behaviour (with Homebrew/homebrew-core setting the sandbox env in CI), hardened sandboxed install phases, sandboxed cask executable hooks, allowed logs in the build sandbox, installed Bubblewrap on hosted Ubuntu and skips sandbox setup for syntax-only jobs.

⚙ Better defaults

Following our Homebrew user survey, we have made many changes based on the results. The most notable is making ask mode the default for developers, so brew install and brew upgrade show a dependency summary and confirmation prompt before making changes. Homebrew adds ask dependency plans and cask support, accepts one-key ask confirmations and aligns ask dry-run prompts. Homebrew fetches ask upgrades together, prints the ask upgrade summary sooner, skips the upgrade ask prompt when empty, adds a final brew upgrade summary and explains the upgrade metadata fetch.

📦 brew bundle

brew bundle gains many improvements, most notably parallel formula installation that now runs jobs automatically by default, plus npm and krew extensions, wider cleanup support and, on Windows, winget support. Homebrew adds cleanup support to npm, cargo, go and uv extensions and asks before removing during cleanup. Homebrew runs brew bundle krew via kubectl-krew directly, respects CARGO_HOME and friends for cargo, adds a --describe flag to brew bundle add and tries mas install before falling back to mas get. Homebrew adds bundle type disable flags, improves check guidance and checks formula link status. Homebrew serialises formula locks, makes non-core DSLs a single file, removes description comments from brew bundle/remover and avoids parsing the output of brew services list. brew bundle performs npm installs more securely.

🏎 Performance

Homebrew is faster across the board, with startup performance tweaks, a ~30% faster brew leaves, parallelised bottle tab fetching on upgrade and less work loading Ruby libraries at startup.

🍎 macOS 27 (Golden Gate)

Homebrew adds initial support for macOS 27 (Golden Gate).

🔮 Upcoming changes

macOS 27 (Golden Gate) drops Intel support, so per our Support Tiers: in September 2026, macOS Intel x86_64 moves to Tier 3 with no CI support and no new bottles (binary packages) built for macOS Intel; in September 2027, macOS Intel x86_64 will be unsupported entirely and all related code deleted. The master to main migration begun in 4.6.0 continues: more repositories no longer update master, GitHub Actions warn @master users to migrate to @main and the sync-default-branches workflows are removed from Homebrew/homebrew-cask and Homebrew/homebrew-core. Casks that fail macOS Gatekeeper checks, deprecated in 5.0.0, remain on track to be disabled in September 2026.

🔒 Security

🚨 Security advisories

Homebrew published three security advisories:

The POST download strategy bypassed the documented HTTPS-to-HTTP redirect protection by discarding the resolved URL (GHSA-7699-qf8c-q47m), fixed by enforcing secure redirects.

Root code execution was possible via Git hooks in the macOS .pkg postinstall (GHSA-6689-q779-c33m), fixed by cleaning Homebrew git state and replacing the installer git directory.

The macOS installer package trusted a user-controlled /var/tmp plist and could assign Homebrew ownership to a local attacker (GHSA-59v8-x8q4-px5c), fixed by tweaking the macOS .pkg package-user plist handling.
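The class of bug behind the first advisory, as an added Ruby example (not Homebrew's code): a downgrade check only protects the download if it runs over the resolved redirect chain. The helper names, the redirect table and the example.test hosts are constructed for illustration.

```ruby
require "uri"

# Raised when a redirect chain moves from HTTPS to a non-HTTPS URL.
class InsecureRedirectError < StandardError; end

# Hypothetical helper: `hops` is every URL visited, original request first.
# Returns the final URL, or raises if any hop downgrades from HTTPS.
def enforce_secure_redirects!(hops)
  uris = hops.map { |u| URI.parse(u) }
  uris.each_cons(2) do |from, to|
    if from.scheme == "https" && to.scheme != "https"
      raise InsecureRedirectError, "#{from} redirected to insecure #{to}"
    end
  end
  uris.last.to_s
end

# Constructed stand-in for the network: URL => redirect target.
CONSTRUCTED_REDIRECTS = {
  "https://downloads.example.test/pkg" => "http://mirror.example.test/pkg.tar.gz",
  "https://downloads.example.test/ok"  => "https://cdn.example.test/ok.tar.gz",
}.freeze

def resolve_chain(url, table = CONSTRUCTED_REDIRECTS, limit = 5)
  chain = [url]
  while (nxt = table[chain.last])
    raise "too many redirects" if chain.size > limit
    chain << nxt
  end
  chain
end

# Flawed shape: the resolved chain is computed and then discarded, so only
# the original HTTPS URL is checked and the downgrade goes unnoticed.
def download_url_discarding_resolved(url)
  resolve_chain(url)
  enforce_secure_redirects!([url])
end

# Corrected shape: the check covers the chain that will actually be fetched.
def download_url_checked(url)
  enforce_secure_redirects!(resolve_chain(url))
end
```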

🛡 Other security improvements

Homebrew filters sensitive environment variables during Ruby evaluations and defers HOMEBREW_* environment secrets to download time. Homebrew runs forbidden checks for casks and formulae before download and lets you require checksums for casks with HOMEBREW_CASK_OPTS_REQUIRE_SHA. Homebrew links to a shared security policy.

🗑 Deprecations

Homebrew deprecates default opt-ins. Homebrew deprecates now-default bundle and internal API environment variables such as HOMEBREW_BUNDLE_NO_SECRETS and HOMEBREW_USE_INTERNAL_API. Homebrew marks unused options for deprecation. There are various other Homebrew 6.0.0 deprecations. Homebrew’s SBOM support is now opt-in with HOMEBREW_SBOM.

🎁 Features

🖥 Casks

Homebrew can pin casks and supports casks in brew missing. Homebrew adds AppImage support for Linux and implements a Linux freedesktop trash for casks. Homebrew improves cask upgrades by sharing upgrade download queues, moving upgrade summaries before fetch, adding a quit opt-out and reopening closed apps during upgrade. Homebrew improves auto_updates casks: improving how they update, refining the behaviour further, gating auto-updates behind opt-in and upgrading them when the bundle version is stale. cask adds a generate_completions_from_executable DSL artifact and includes resolved artifact targets in JSON output. Homebrew shows a cask version transition in per-cask upgrade output, skips valid cached cask fetches, speeds up cask backup copies and has caskroom use the user’s primary group on Linux. brew doctor and brew cleanup handle corrupt Caskroom directories.

💻 Operating system support

Homebrew makes Linux cask requirements explicit, aligns cask macOS dependencies, supports bare depends_on :macos in casks, tracks macOS support explicitly and emits Linux variations for casks with Linux checksums. Homebrew adds a maximum macOS for cask dependencies. Homebrew/homebrew-cask adopts the new depends_on maximum_macos: syntax and fixes its macOS dependencies in Homebrew/homebrew-cask and Homebrew/homebrew-core. Homebrew adds M5 and M5 Pro/Max CPU recognition and caps the OCLP tier when macOS is outdated. Homebrew labels WSL analytics, shows the Windows build on WSL in brew config and moves the wsl? boolean from OS::Linux up to the OS module.

🚰 Taps

Homebrew recognises more equivalent tap remote forms, ignoring a .git suffix when matching GitHub remotes and consolidating tap remote normalisation (and more). Homebrew handles formulae and casks more uniformly across commands, installs explicitly requested taps and stops implicit tap installation. Homebrew uses worktrees for local core taps and blocks worktree updates. Homebrew shares full-name parsing helpers and uses full-name helpers for split names.
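Why remote normalisation matters once trust lists are pinned to remotes, as an added Ruby example (not Homebrew's implementation): equivalent spellings of one remote must map to the same key, while lookalike hosts and plaintext remotes must not. The function names, the accepted schemes, the owner/repo assumption and the example-org remote are all constructed.

```ruby
require "uri"

# Hypothetical normaliser. Assumes remotes are "owner/repo" on the host and
# that only https and ssh remotes are acceptable for a trust decision.
def normalise_remote(remote)
  s = remote.strip
  if (m = s.match(%r{\A(?:[^@/\s]+@)?([^:/\s]+):(?!//)(.+)\z}))
    host, path = m[1], m[2] # scp-like form: git@host:owner/repo
  else
    uri = URI.parse(s)
    return nil unless %w[https ssh].include?(uri.scheme) && uri.host
    host, path = uri.host, uri.path
  end
  host = host.downcase
  path = path.sub(%r{\A/+}, "").sub(%r{/+\z}, "")
  # Only for GitHub: drop a .git suffix and fold case before matching.
  path = path.sub(/\.git\z/i, "").downcase if host == "github.com"
  return nil unless path.match?(%r{\A[^/]+/[^/]+\z})
  "#{host}/#{path}"
rescue URI::InvalidURIError
  nil
end

# Trust is keyed on the normalised remote, never on the tap's short name.
def trusted_remote?(remote, trusted_remotes)
  key = normalise_remote(remote)
  return false if key.nil?
  trusted_remotes.map { |r| normalise_remote(r) }.include?(key)
end

# Constructed trust list for the example.
TRUSTED = ["https://github.com/example-org/homebrew-tools"].freeze
```

A remote that fails to parse, or has extra path segments, normalises to nil and is therefore never trusted.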

ℹ brew info and brew tap-info

brew info output is clearer: more consistent and helpful, with a Binaries section listing executables, a clearer recursive runtime dependencies line, clearer same-named conflicts and shadowed formulae and a list versions JSON output. brew info shows installed state better: the upgrade target for outdated @-versioned formulae, installed dependents with --verbose, deprecated and disabled packages in install status, installed formulae resolved from the receipt’s tap with a shadowing warning, the installed version and an upgrade hint on the headline, other installed versions and an installed info inventory. brew info and brew tap-info skip the uninstalled marker when not a problem, show more tap info for packages and brew tap-info lists formulae and casks. brew which-formula shows install status and Homebrew shows quarantine script usage.

🆕 New commands, flags and output

brew exec is a new command, like npx, that supports formulae environments. brew as-console-user is a new command for running Homebrew as the right user under MDM/root environments and brew update <formula> is aliased to upgrade. Homebrew tidies help and completions: omitting aliases from completions, hiding HOMEBREW_CASK_OPTS_* from help, hiding maintainer commands and hiding hide_from_man_page commands from brew commands. Homebrew avoids install warning annotations and warns when formula executables are shadowed on PATH.

🧊 Cooldowns, livecheck and bumping

Homebrew adds download cooldowns for Bundler, RubyGems livecheck, npm and pip defaults, PyPI resource resolution and npm and PyPI in bump to avoid upstream supply-side security risks. Homebrew prints bump skip status, messages and errors and checks RubyGems licences. Homebrew respects livecheck throttle days in audit, adds livecheck throttling by days and speeds up the formula throttle days check.
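What a cooldown does to version selection, as an added Ruby example (not Homebrew's code): the newest release that has aged past the cooldown is chosen, and anything newer is reported as held back. The release list, its hash layout and the function name are constructed assumptions.

```ruby
require "time"

DAY = 86_400 # seconds

# Hypothetical cooldown selector. `releases` is an array of
# { version:, published: } hashes with ISO 8601 timestamps (assumed layout).
def pick_after_cooldown(releases, cooldown_days:, now: Time.now.utc)
  cutoff = now - (cooldown_days * DAY)
  sorted = releases.sort_by { |r| Gem::Version.new(r[:version]) }.reverse
  eligible, too_new = sorted.partition { |r| Time.iso8601(r[:published]) <= cutoff }
  selected = eligible.first

  # Report only the releases that would have won without the cooldown.
  newer = too_new.select do |r|
    selected.nil? || Gem::Version.new(r[:version]) > Gem::Version.new(selected[:version])
  end
  report = newer.map do |r|
    age_days = ((now - Time.iso8601(r[:published])) / DAY).floor
    { version: r[:version], age_days: age_days, wait_days: cooldown_days - age_days }
  end

  { selected: selected && selected[:version], held_back: report }
end

# Constructed release history for the example.
CONSTRUCTED_RELEASES = [
  { version: "2.3.0", published: "2026-01-10T09:00:00Z" },
  { version: "2.3.1", published: "2026-02-20T09:00:00Z" },
  { version: "2.4.0", published: "2026-03-01T09:00:00Z" },
].freeze
```

The held_back list is what makes the trade-off visible: a release published a day ago is skipped for now, which also delays any security fix it carries until the cooldown expires.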