Automic VaultAutomic Vault

brew / Approval Gates

gh mit Homebrew, chocolatey, apt, dnf, MacPorts, Nix, zypper, scoop, winget installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für gh in AI-Agent-Workflows.

Agent-Sicherheit

Antwort zur Agent-Sicherheit

gh is the GitHub control-plane CLI for repositories, releases, issues, and authenticated developer state.

Credential-Zugriff

Reads GitHub CLI tokens and can print or use them for API calls.

Änderungen an Remote-Zustand

Can modify repositories, pull requests, releases, secrets, and organization state.

Publish-/Artefakt-Risiko

Can create releases, upload assets, and trigger release automation.

Empfohlene Kontrolle

Use GitHub token protection plus approval gates for write and token-display commands.

Hinweise für Agent-Nutzung

Permit status and read-only queries; require approval for token output, release creation, repo writes, and workflow dispatch.

Installation

Weitere Installationsbefehle

macOS

Homebrewverifiziert · 100%
brew install gh

local Homebrew formula metadata

MacPortsverifiziert · 94%
sudo port install gh

MacPorts ports tree · devel/gh/Portfile · Quelle: api.github.com

Linux

Debian aptverifiziert · 92%
sudo apt install gh

Debian stable package indexes · gh · Quelle: deb.debian.org

Fedora dnfverifiziert · 92%
sudo dnf install gh

Fedora Rawhide package metadata · gh · Quelle: dl.fedoraproject.org

Nixverifiziert · 92%
nix profile install nixpkgs#gh

nixpkgs package indexes · pkgs/by-name/gh/gh/package.nix · Quelle: api.github.com

openSUSE zypperverifiziert · 92%
sudo zypper install gh

openSUSE Tumbleweed package metadata · gh · Quelle: download.opensuse.org

Windows

Chocolateyverifiziert · 92%
choco install gh

Chocolatey community package catalog · gh · Quelle: community.chocolatey.org

Scoopverifiziert · 92%
scoop install main/gh

Scoop official bucket manifest trees · bucket/gh.json · Quelle: api.github.com

Windows Package Managerverifiziert · 92%
winget install --id GitHub.cli -e

Windows Package Manager source index · GitHub.cli · Quelle: cdn.winget.microsoft.com

Überblick

Paketzusammenfassung

GitHub command-line tool

Verlauf

Projektgeschichte und Nutzung

GitHub CLI, invoked as `gh`, is GitHub's official command-line tool for working with pull requests, issues, repositories, releases, Actions, authentication, and GitHub API data from a terminal.

Projektgeschichte

GitHub created the cli/cli repository in October 2019 and opened the project as a new official CLI distinct from the older community `hub` tool. GitHub announced the beta in February 2020 and released GitHub CLI 1.0 in September 2020.

The README frames `gh` as a standalone tool that brings GitHub concepts next to `git` and source code work. The project grew into a cross-platform Go CLI with first-party manuals, release binaries, package repositories, GitHub Enterprise support, extension support, API helpers, and later supply-chain features such as build provenance attestations for release artifacts.

Adoptionsgeschichte

GitHub CLI has broad adoption because it is distributed through GitHub's own package repositories and release binaries, package managers such as Homebrew and WinGet, and GitHub-hosted Actions runner images. Its first-party status made it a standard automation interface for GitHub workflows in shells and CI jobs.

Wie es verwendet wird

Practitioners use `gh` to create and review pull requests, triage issues, clone and browse repositories, trigger or inspect Actions workflows, manage releases and gists, authenticate to GitHub hosts, call the GitHub API, and script repository operations without leaving the command line.

Warum Paket-Nerds sich dafür interessieren

For package and automation ecosystems, `gh` is important because it gives GitHub an official, versioned executable surface. Package maintainers can depend on consistent commands across macOS, Linux, and Windows, while CI authors can use a preinstalled or easily installed binary instead of hand-rolling API calls.

Zeitleiste

  • 2019: The cli/cli repository was created.
  • 2020: GitHub announced GitHub CLI beta.
  • 2020: GitHub CLI 1.0.0 was published.
  • 2024: The README records release build provenance attestations beginning with version 2.50.0.

Related projects

  • The README compares GitHub CLI with `hub`, noting that `hub` behaves as a proxy to `git` while `gh` is a standalone tool for GitHub workflows.

Approval Gates

Metadaten für menschliche Prüfung riskanter Befehle

Der lokale Approval-Gate-Seed enthält 7 Regeln für gh. Abgedeckte Einstiegspunkte: gh. Schweregrade: kritisch, hoch. Abdeckung: partial, geprüft am 2026-05-21.

Beispiele für gated Aktionen

  • Print the active GitHub authentication token.
  • Create or refresh local GitHub authentication state.
  • Delete a GitHub repository.
  • Change repository settings, visibility, topics, or metadata.
  • Merge a pull request.
  • Create, upload to, edit, or delete GitHub releases.
  • Trigger a GitHub Actions workflow.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
$XDG_CONFIG_HOME/gh/config.yml~/.config/gh/config.yml
Windows
%AppData%\GitHub CLI\config.yml

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
$XDG_CONFIG_HOME/gh/hosts.yml~/.config/gh/hosts.yml
Windows
%AppData%\GitHub CLI\hosts.yml

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
ghcliglobales Executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-07-10
Manager-Version2.96.0
Manager aktualisiert2026-07-03
lokale DatenOK
Upstreamaktuell
neueste erkannte Versionv2.96.0

https://github.com/cli/cli

  • OKEs wurden keine Aktualitätswarnungen generiert.

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:gh
Version2.96.0
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/gh
Homepagehttps://cli.github.com/
Repositoryhttps://github.com/cli/cli
Upstream-Dokumentationhttps://cli.github.com/manual/gh
LizenzMIT
Quellarchivhttps://github.com/cli/cli/archive/refs/tags/v2.96.0.tar.gz
Zuletzt aktualisiert2026-07-03T00:29:16Z
Pulseupdated
Build-Abhängigkeitengo
Bottleverfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnicht definiert
Dienstkeiner deklariert

Registry-Fakten

Details aus der Quelldatenbank

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegh
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

Source-Datenbank-Treffer

Andere Paketmanager-Einträge

Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.

Debian apt95%

gh 2.46.0-3

GitHub CLI, GitHub’s official command line tool

https://cli.github.com/

sudo apt install gh
  • Section: utils
  • Architecture: amd64
  • 1 Abhängigkeiten
  • normalized package name match
  • Abgeglichen nach: Gh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: gh from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

gh

nix profile install nixpkgs#gh
  • normalized package name match
  • Abgeglichen nach: Gh
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/gh/gh/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

gh 2.45.0-1build1

GitHub CLI, GitHub’s official command line tool

https://cli.github.com/

sudo apt install gh
  • Section: universe/utils
  • Architecture: amd64
  • 1 Abhängigkeiten
  • normalized package name match
  • Abgeglichen nach: Gh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: gh from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf95%

gh 2.93.0-1.fc45

GitHub's official command line tool

https://github.com/cli/cli

sudo dnf install gh
  • License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 AND Unlicense
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gh
  • 4 Abhängigkeiten
  • 2 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Gh
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: gh from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
zypper95%

gh 2.93.0-1.1

The official CLI for GitHub

https://cli.github.com/

sudo zypper install gh
  • License: MIT
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gh
  • 2 Abhängigkeiten
  • 1 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-bash-completion 2.93.0-1.1

Bash Completion for gh

https://cli.github.com/

sudo zypper install gh-bash-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 2 Abhängigkeiten
  • 1 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-fish-completion 2.93.0-1.1

Fish completion for gh

https://cli.github.com/

sudo zypper install gh-fish-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 1 Abhängigkeiten
  • 1 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-fish-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-zsh-completion 2.93.0-1.1

ZSH Completion for gh

https://cli.github.com/

sudo zypper install gh-zsh-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 1 Abhängigkeiten
  • 1 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-zsh-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

gh

sudo port install gh
  • normalized package name match
  • Abgeglichen nach: Gh
MacPorts ports tree · api.github.com · MacPorts ports tree: devel/gh/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

gh

choco install gh
  • normalized package name match
  • Abgeglichen nach: Gh
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: gh from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','gawk'
Scoop95%

main/gh

scoop install main/gh
  • normalized package name match
  • Abgeglichen nach: Gh
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/gh.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

GitHub.cli

winget install --id GitHub.cli -e
  • normalized package name match
  • Abgeglichen nach: Gh
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: GitHub.cli from https://cdn.winget.microsoft.com/cache/source.msix

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Combined YAML source

View the package source record on GitHub.

combined/gh.yml

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment