Homebrew 6.0.0 Introduces Tap Trust Security and JSON API
Original: Show HN: Homebrew 6.0.0
Why This Matters
Major package manager security upgrade affects millions of developers worldwide
Homebrew 6.0.0 launches with major security enhancements including tap trust mechanism requiring explicit approval for third-party taps, new internal JSON API as default for faster updates, Linux sandboxing support, and improved performance based on user survey feedback.
Homebrew 6.0.0 introduces significant security improvements with tap trust, requiring third-party taps to be explicitly trusted before their code runs to prevent malicious attacks. The internal JSON API becomes the default, combining all metadata into single downloads for faster brew updates with less network usage. Linux gains Bubblewrap sandboxing to match macOS security, running build, test and postinstall phases in isolated environments. Based on user survey results, ask mode becomes default for developers, showing dependency summaries and confirmation prompts before installations. brew bundle receives parallel formula installation, npm/krew extensions, and Windows winget support. Performance improvements span startup times and overall operations.