
Homebrew 6.0.0 Makes You Trust Your Taps

The package manager now gates third-party tap code behind explicit trust and extends Bubblewrap sandboxing to Linux.

Lenn Voss
Cloud & Infrastructure Writer · Jun 11, 2026 · 6 min read

If you run brew, you've probably added a third-party tap without thinking twice — a one-liner from a project's README, a quick brew tap some/thing, done. The uncomfortable truth, which Homebrew has now decided to confront head-on, is that a tap is just a Git repo full of arbitrary, unsandboxed Ruby that gets evaluated on your machine. Version 6.0.0, announced 11 June 2026 by maintainer Mike McQuaid, treats that as the supply-chain hazard it always was.

The headline feature is tap trust, and alongside it the Bubblewrap sandbox that macOS users have had for years finally lands on Linux. Both are squarely aimed at the same problem: code you didn't write running with your privileges, on your hardware, often as a side effect of installing something completely unrelated.

Tap trust: deny-by-default for third-party code

Until now, the trust model for taps was essentially "you typed the command, so you must have meant it." That's fine right up until a tap is compromised or a typo'd name points somewhere malicious. Homebrew 6.0.0 flips the default: taps — and tap-qualified formulae and casks — must be explicitly trusted before their code is evaluated or run.

The official Homebrew taps stay trusted out of the box, so installing wget or ripgrep doesn't suddenly sprout new prompts. Everything else is gated. Concretely, the new model:

  • Flags untrusted taps before their code runs, rather than after it's already been parsed.
  • Stops auto-tapping untrusted taps — the implicit "I'll just go grab that repo for you" behavior is gone for anything outside the trusted set.
  • Pins the allow, forbid and trust lists to specific remotes, so trust is tied to a URL rather than a name that could be re-pointed.
  • Uses tap trust when evaluating every formula and cask, not just at install time.

The tooling grew to match. brew tap gets subcommands for managing trust and can trust a tap by its remote URL; brew trust adds a --json=v1 flag for scripting; and brew tap-info now reports a trusted field so you can audit what's currently allowed. There's new Tap-Trust documentation spelling out the model.

This matters most for teams. If you manage fleets of developer machines or CI runners, deny-by-default for third-party package code is exactly the posture you want — and brew bundle was updated to support it, honoring a trusted: option and recording trusted entries (marking custom-remote taps as trusted) when you run brew bundle dump. So your Brewfile can now encode trust decisions instead of leaving them to whoever runs brew install next.
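A fleet-audit script in the spirit of the model above, added here as an example rather than anything shipped by Homebrew: it reads the output of brew tap-info --installed --json=v1, where the trusted field is the one 6.0.0 adds (the other field names are assumed to match current tap-info output), and flags any trusted non-official tap that is missing from a pinned allowlist or whose remote has drifted from the pinned URL. Without brew on the machine it runs against the constructed sample.

```python
"""Audit installed Homebrew taps against a pinned remote allowlist.

Added example, not Homebrew's own code. `trusted` is the tap-info field
Homebrew 6.0.0 adds; the other field names are assumed. Without brew
installed the script audits the constructed sample below instead.
"""
import json
import subprocess

# Trust is tied to a remote URL, not a tap name, so the allowlist pins both.
# Hypothetical allowlist constructed for this example.
PINNED_REMOTES = {
    "acme/tools": "https://github.com/acme/homebrew-tools",
}

# Constructed sample of `brew tap-info --installed --json=v1` output.
SAMPLE_TAPS = [
    {"name": "homebrew/core", "official": True, "trusted": True,
     "remote": "https://github.com/Homebrew/homebrew-core"},
    {"name": "acme/tools", "official": False, "trusted": True,
     "remote": "https://github.com/someone-else/homebrew-tools"},
    {"name": "acme/extras", "official": False, "trusted": True,
     "remote": "https://github.com/acme/homebrew-extras"},
    {"name": "acme/legacy", "official": False, "trusted": False,
     "remote": "https://github.com/acme/homebrew-legacy"},
]

def audit_taps(taps, pinned):
    """Return (tap name, problem) pairs; an empty list means all clear."""
    findings = []
    for tap in taps:
        name, remote = tap["name"], tap.get("remote")
        if not tap.get("trusted", False) or tap.get("official", False):
            continue  # untrusted taps cannot run code; official ones are expected
        expected = pinned.get(name)
        if expected is None:
            findings.append((name, "trusted but not in the pinned allowlist"))
        elif remote != expected:
            findings.append((name, f"remote {remote} differs from pinned {expected}"))
    return findings

def installed_taps():
    """Real brew output when available, otherwise the constructed sample."""
    try:
        proc = subprocess.run(["brew", "tap-info", "--installed", "--json=v1"],
                              capture_output=True, text=True, check=True)
        return json.loads(proc.stdout)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_TAPS

if __name__ == "__main__":
    for name, problem in audit_taps(installed_taps(), PINNED_REMOTES):
        print(f"{name}: {problem}")
```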

Bubblewrap comes to Linux

On macOS, Homebrew already runs build, test and postinstall phases inside a sandbox. Linux users got none of that — until now. Version 6.0.0 brings a Bubblewrap-based sandbox to Linux, aligning the two platforms.


Bubblewrap is the same unprivileged-container tool that backs Flatpak's sandboxing, so this is a well-trodden mechanism rather than something Homebrew invented. To avoid duplicating logic, the project moved its macOS sandbox code into a shared layer that both platforms now use. The rollout is deliberately staged: it's on by default for developers first, with Homebrew/homebrew-core setting the sandbox environment in CI. The release also hardened sandboxed install phases, sandboxed cask executable hooks, and — a small but telling detail — allowed logs to escape the build sandbox so you can still debug failures.

The practical upshot is that a formula's build and postinstall scripts on Linux can no longer freely rummage around your filesystem during installation. That's a meaningful narrowing of the blast radius for a compromised or buggy formula, and it brings Linux closer to parity with the macOS experience.

Three CVEs, quietly fixed

Not every security change is a new feature. Homebrew shipped three advisories with this release, each worth a look if you script around brew or trust its installer:

  • GHSA-7699-qf8c-q47m — the POST download strategy bypassed Homebrew's documented HTTPS-to-HTTP redirect protection by discarding the resolved URL. Fixed by enforcing secure redirects.
  • GHSA-6689-q779-c33m — root code execution was possible via Git hooks in the macOS .pkg postinstall. Fixed by cleaning Homebrew's git state and replacing the installer's git directory.
  • GHSA-59v8-x8q4-px5c — the macOS installer package trusted a user-controlled plist in /var/tmp and could hand Homebrew ownership to a local attacker. Fixed by reworking the package-user plist handling.

There's a theme here: all three are about trusting state an attacker could influence — a redirect, a git directory, a temp file. The defensive work beyond the CVEs follows the same logic. Homebrew now filters sensitive environment variables during Ruby evaluation and defers HOMEBREW_* secrets to download time, so your tokens aren't sitting in scope while arbitrary formula code runs. You can also require checksums for casks via HOMEBREW_CASK_OPTS_REQUIRE_SHA.
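The first advisory is a clean illustration of the "trusting state an attacker could influence" theme. The following is an added example, not Homebrew's download code: it contrasts a check that only looks at the URL the caller requested (the shape of the GHSA-7699-qf8c-q47m bug, where the resolved URL was discarded) with one that re-checks every resolved hop. The resolve callback and the redirect map are constructed stand-ins for a server's Location headers.

```python
"""Follow a redirect chain and refuse any HTTPS-to-HTTP downgrade.

Added example, not Homebrew's code. `resolve` is a hypothetical callback
returning a URL's Location header, or None when the URL serves the
content itself; the sample redirect map below is constructed.
"""
from urllib.parse import urljoin, urlsplit

class InsecureRedirect(Exception): """A hop would move from https to http."""

def resolve_naively(url, resolve, max_hops=10):
    """The flawed shape: checks the requested URL, then follows blindly."""
    if urlsplit(url).scheme != "https":
        raise InsecureRedirect(url)
    for _ in range(max_hops):
        location = resolve(url)
        if location is None:
            return url
        url = urljoin(url, location)   # the resolved URL is never re-checked
    raise RuntimeError("too many redirects")

def resolve_securely(url, resolve, max_hops=10):
    """Return the final URL, rejecting any hop that downgrades https -> http."""
    for _ in range(max_hops):
        location = resolve(url)
        if location is None:
            return url                 # this URL serves the content
        nxt = urljoin(url, location)   # relative Location headers are allowed
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme != "https":
            raise InsecureRedirect(f"{url} -> {nxt}")
        url = nxt
    raise RuntimeError("too many redirects")

def is_secure_chain(url, resolve):
    """True when the chain starting at `url` never downgrades."""
    try:
        resolve_securely(url, resolve)
        return True
    except InsecureRedirect:
        return False

# Constructed redirect map standing in for a server's Location headers;
# URLs missing from the map serve their content directly.
SAMPLE_LOCATIONS = {
    "https://example.test/dl": "https://cdn.example.test/pkg.tar.gz",
    "https://example.test/mirror": "/legacy",
    "https://example.test/legacy": "http://mirror.example.test/pkg.tar.gz",
}
sample_resolve = SAMPLE_LOCATIONS.get   # unknown URLs resolve to None
```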

The rest of the upgrade notes

Security dominates, but 6.0.0 isn't a one-note release.

  • Internal JSON API is now the default. Previously opt-in behind HOMEBREW_USE_INTERNAL_API since 5.0.0, it bundles all metadata into a single download, so brew update is faster and makes fewer network requests. That environment variable is now deprecated.
  • Ask mode is the default for developers. brew install and brew upgrade now show a dependency summary and a confirmation prompt before touching anything — a change driven by Homebrew's user survey. Upgrades fetch together and print their summary sooner.
  • brew bundle gets parallel formula installs by default, plus npm and krew extensions, wider cleanup support across npm/cargo/go/uv, and winget support on Windows.
  • Performance tweaks across the board, including a roughly 30% faster brew leaves and parallelised bottle-tab fetching on upgrade.
  • Initial support for macOS 27 (Golden Gate).

That last one carries a deadline. Golden Gate drops Intel support, and Homebrew's support tiers follow suit: in September 2026, macOS Intel x86_64 moves to Tier 3 — no CI, no new bottles — and in September 2027 it's unsupported entirely, with the related code deleted. If you're still building for Intel Macs, that's the clock you're now on. The long-running master-to-main branch migration also continues, with @master users getting warnings to switch to @main.

None of this requires action beyond a normal brew update, but tap trust is the one to internalize: the next time a project's install instructions ask you to tap an unfamiliar repo, Homebrew is finally going to make you say yes on purpose.


Discussion 7


Vince Russo @cynic_vince · 18 hours ago

about time, i've lost count of how many random taps i've installed over the years without a second thought, guess that's what i get for blindly following readme instructions 🙄

Jen Okafor @rustacean_jen · 1 day ago

i love how homebrew is tackling supply chain security, it's so interesting to think about how rust's ownership model and sandboxing could be applied to package managers like this, maybe one day we'll see a rust-based package manager with similar trust features

Tom Becker @terminal_tom · 1 day ago

i'm loving the new tap trust feature in homebrew 6, been waiting for something like this to lock down my brew setup - now if only i could get my tmux config to automatically refresh my package lists 🚀

Marco Bianchi @shipfast_marco · 1 day ago

love the new tap trust feature, about time we got some sanity around third party code - now i can actually recommend homebrew to my less tech savvy friends without worrying about them shooting themselves in the foot 🚀

Nina Petrova @night_owl_nina · 1 day ago

@shipfast_marco totally agree, tap trust is a game changer - i've lost count of how many times i've blindly tapped some repo without thinking, it's about time we got some guardrails on that, now if only i could get my own code to stop shooting me in the foot at 3am

Oleg Petrov @db_nerd_oleg · 1 day ago

@night_owl_nina i'm with you on that, tap trust is a huge step forward, and it's interesting to see how this change will affect the way we think about package management - kinda like how we think about transactional durability in postgres, it's all about minimizing the blast radius of a bad actor

Ada Brown @a11y_ada · 20 hours ago

@shipfast_marco totally agree, security and a11y go hand in hand, now to work on keyboard nav for brew commands
