Is Homebrew safe for Mac?
Homebrew on its own acts like a command-line App Store.
- It's safe, if you know what you're downloading.
- It uses SHA256 to fingerprint the downloaded instructions as a validity / tamper detection verification check.
- It’s open, so you could validate what it’s downloading and how it works.
- It refuses to use
sudo
to intentionally be safer.
If you are concerned about downloading hijacked binaries, verify the SHA/SHA1 sum of the binary you've downloaded against the SHA/SHA1 sum published by the developer, usually on their webpage.
Despite a long track record of people not pushing malware or bad code to the system, it would be good hygiene to start validating downloads.