Show HN: Homebrew 6.0.0

查看原文 / View Original 编辑 / Edit

Show HN: Homebrew 6.0.0

6.0.0 11 June 2026 MikeMcQuaid Today, I’m proud to announce Homebrew 6.0.0. The most significant changes since 5.1.0 are a new tap trust security mechanism, the new faster, smaller, default internal Homebrew JSON API, sandboxing on Linux, better defaults informed by our user survey, many brew bundle improvements, improved performance and initial support for macOS 27 (Golden Gate).

6.0.0 2026年6月11日 MikeMcQuaid 今天,我很荣幸地宣布 Homebrew 6.0.0 正式发布。自 5.1.0 版本以来,最显著的变化包括:全新的 Tap 信任安全机制、更快更小且默认启用的内部 Homebrew JSON API、Linux 沙盒支持、基于用户调查改进的默认设置、brew bundle 的多项优化、性能提升,以及对 macOS 27 (Golden Gate) 的初步支持。

✨ Highlights since 5.1.0

✨ 5.1.0 以来的亮点

🔐 Tap trust

🔐 Tap 信任机制

Homebrew 6.0.0 introduces tap trust. A third-party tap can contain arbitrary, unsandboxed Ruby that runs on your machine, so Homebrew now requires taps (and tap-qualified formulae and casks) to be explicitly trusted before their code is evaluated or run. This reduces the risk from malicious or compromised taps while leaving the official Homebrew taps trusted by default. See the new Tap-Trust documentation for details.

Homebrew 6.0.0 引入了 Tap 信任机制。第三方 Tap 可能包含在您的机器上运行的任意、未经沙盒处理的 Ruby 代码,因此 Homebrew 现在要求在评估或运行代码之前,必须明确信任这些 Tap(以及通过 Tap 限定的 Formula 和 Cask)。这降低了来自恶意或被篡改 Tap 的风险,同时官方 Homebrew Tap 默认保持受信任状态。详情请参阅新的 Tap-Trust 文档。

⚡ Default internal JSON API

⚡ 默认内部 JSON API

The internal JSON API is now the default, advancing the smaller API that Homebrew re-enabled and turned on for developers recently. It combines all Homebrew’s metadata into a single download, so brew updates faster and talks to the network less. It was opt-in via HOMEBREW_USE_INTERNAL_API since 5.0.0; that variable is now deprecated (see below).

内部 JSON API 现在已成为默认设置,这是 Homebrew 最近为开发者重新启用并开启的轻量级 API 的进一步推进。它将 Homebrew 的所有元数据合并为单次下载,从而使 brew update 更快,并减少了网络交互。自 5.0.0 版本以来,该功能一直通过 HOMEBREW_USE_INTERNAL_API 环境变量手动开启;该变量现已被弃用(详见下文)。

🐧 Linux sandbox

🐧 Linux 沙盒

The Linux Bubblewrap sandbox aligns Linux with macOS, where build, test and postinstall phases already run sandboxed. It is on by default for developers, Homebrew moved its macOS sandbox logic to share code, improved Linux sandbox behaviour (with Homebrew/homebrew-core setting the sandbox env in CI), hardened sandboxed install phases, sandboxed cask executable hooks, allowed logs in the build sandbox, installed Bubblewrap on hosted Ubuntu and skips sandbox setup for syntax-only jobs.

Linux Bubblewrap 沙盒使 Linux 与 macOS 保持一致,后者在构建、测试和安装后阶段已运行在沙盒中。该功能对开发者默认开启。Homebrew 迁移了 macOS 的沙盒逻辑以实现代码共享,改进了 Linux 沙盒行为(通过 Homebrew/homebrew-core 在 CI 中设置沙盒环境),强化了沙盒安装阶段,增加了 Cask 可执行钩子的沙盒化,允许在构建沙盒中记录日志,在托管的 Ubuntu 上安装了 Bubblewrap,并跳过了仅语法检查任务的沙盒设置。

⚙️ Better defaults

⚙️ 更好的默认设置

Following our Homebrew user survey, we have made many changes based on the results. The most notable is making ask mode the default for developers, so brew install and brew upgrade show a dependency summary and confirmation prompt before making changes.

根据 Homebrew 用户调查的结果,我们进行了多项改进。最显著的变化是将“询问模式”(ask mode)设为开发者的默认设置,因此在执行 brew installbrew upgrade 时,系统会在进行更改前显示依赖关系摘要并提示确认。

📦 brew bundle

📦 brew bundle

brew bundle gains many improvements, most notably parallel formula installation that now runs jobs automatically by default, plus npm and krew extensions, wider cleanup support and, on Windows, winget support.

brew bundle 获得了多项改进,最突出的是默认自动运行并行 Formula 安装任务,此外还增加了 npm 和 krew 扩展、更广泛的清理支持,以及在 Windows 上的 winget 支持。

🏎️ Performance

🏎️ 性能提升

Homebrew is faster across the board, with startup performance tweaks, a ~30% faster brew leaves, parallelised bottle tab fetching on upgrade and less work loading Ruby libraries at startup.

Homebrew 在各方面都变得更快,包括启动性能优化、brew leaves 速度提升约 30%、升级时并行获取 Bottle 标签,以及减少了启动时加载 Ruby 库的工作量。

🍎 macOS 27 (Golden Gate)

🍎 macOS 27 (Golden Gate)

Homebrew adds initial support for macOS 27 (Golden Gate).

Homebrew 增加了对 macOS 27 (Golden Gate) 的初步支持。

🔮 Upcoming changes

🔮 未来变更

macOS 27 (Golden Gate) drops Intel support, so per our Support Tiers: in September 2026, macOS Intel x86_64 moves to Tier 3 with no CI support and no new bottles (binary packages) built for macOS Intel; in September 2027, macOS Intel x86_64 will be unsupported entirely and all related code deleted.

macOS 27 (Golden Gate) 放弃了对 Intel 的支持。根据我们的支持分级:2026 年 9 月,macOS Intel x86_64 将降级至 Tier 3,不再提供 CI 支持,也不再为 macOS Intel 构建新的 Bottle(二进制包);2027 年 9 月,macOS Intel x86_64 将完全停止支持,所有相关代码将被删除。

🔒 Security

🔒 安全性

Homebrew published three security advisories regarding download strategy redirects, root code execution via Git hooks, and macOS installer plist handling.

Homebrew 发布了三项安全公告,分别涉及下载策略重定向、通过 Git 钩子执行 Root 代码,以及 macOS 安装程序 plist 处理问题。

🗑️ Deprecations

🗑️ 弃用说明

Homebrew deprecates default opt-ins. Homebrew deprecates now-default bundle and internal API environment variables such as HOMEBREW_BUNDL…

Homebrew 弃用了默认的“选择加入”机制。Homebrew 弃用了现已成为默认设置的 bundle 和内部 API 环境变量,例如 HOMEBREW_BUNDL

← 返回新闻列表 / Back to news list