Automic VaultAutomic Vault

brew / Protected-Tool-Abdeckung / Rang 868

hf installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für hf in AI-Agent-Workflows.

InstallationsbefehlSicherheitshinweise

agent safety

Agent safety answer

hf controls Hugging Face model, dataset, and Space workflows.

Credential access

Reads Hugging Face tokens, cache files, repository credentials, and environment variables.

Remote mutation

Can upload, delete, and change models, datasets, and Spaces.

Publish/artifact risk

Publishes ML artifacts, datasets, and app spaces.

Recommended control

Gate upload, delete, login, repo, and token commands.

Agent-use guidance

Allow public model inspection; require approval for uploads, deletes, private repo access, and token use.

Installation

Mit Automic Vault installieren

Automic Vault
AV herunterladen
sudo av install brew:hf

macOS

Homebrewverified · 100%
brew install hf

local Homebrew formula metadata

Plattformhinweise

  • Es waren keine paketspezifischen Plattformhinweise vorhanden.

Überblick

Paketzusammenfassung

Client library for huggingface.co hub

Befehle und Aliase

  • hf
  • huggingface-cli
  • tiny-agents

Protected-Tool-Abdeckung

Plain Text Hugging Face Token

Hugging Face Hub stores the active CLI token in ~/.cache/huggingface/token. Our isotope stores that token in the macOS keychain and injects it as HF_TOKEN only while `hf` runs.

Risk classifier

green risk · low confidence · appliance

Why

  • no executable entrypoint in the package index

Signals

  • metadata:no-indexed-executables

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 4 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Lokaler README-Auszug

huggingface-cli Protected-tool coverage

Hugging Face Hub stores the active CLI token in ~/.cache/huggingface/token.

This protected-tool coverage migrates that active token into the Automic Vault keychain and wraps hf so HF_TOKEN is present only while the CLI runs.

Caveats

  • We currently migrate the active token file only.
  • Named stored_tokens entries are not migrated.
  • Direct execution of the original binary will not receive the credentials.

Quelle: local coverage notes

Quelle der Abdeckung

Quellauszug

Caveats

  • We currently migrate the active token file only.
  • Named stored_tokens entries are not migrated.
  • Direct execution of the original binary will not receive credentials.

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
hfcliglobal executable
huggingface-clicliglobal executable
tiny-agentscliglobal executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-06-10
Manager-Version1.18.0
Manager aktualisiert2026-06-06
lokale Datenok
Upstreamnot checked
neueste erkannte Versionnot detected

https://huggingface.co/docs/huggingface_hub/guides/cli

Installationsmetadaten

Paketmetadaten

Package keybrew:hf
Version1.18.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/hf
Homepagehttps://huggingface.co/docs/huggingface_hub/guides/cli
Repositoryhttps://github.com/huggingface/huggingface_hub
Upstream docshttps://huggingface.co/docs/huggingface_hub/guides/cli
LicenseApache-2.0
Source archivehttps://files.pythonhosted.org/packages/fb/d8/748ea0a47f0fa15227fe682f7a80826b4b7c096e4818044b8f56d6cb66d6/huggingface_hub-1.18.0.tar.gz
Last updated2026-06-06T12:13:07Z
Pulseupdated
Dependenciescertifi, git-lfs, libyaml, python@3.14
Build dependenciespkgconf, rust
Bottleavailable (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namehf
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

Paketgraph

Links stammen aus dem lokalen Paketbeziehungsgraph, Ergänzungen, Abhängigkeitskanten, Ecosystem-Matches und Paket-Hub-Mitgliedschaft.

Verwandte Tools

  • python@3.14Runtime dependency declared by Homebrew.
  • git-lfsRuntime dependency declared by Homebrew.
  • pkgconfBuild dependency declared by Homebrew.
  • rustBuild dependency declared by Homebrew.

Gleicher Workflow

  • hf-mcp-serverShares av.db curated category or tags: cli, developer-tools, hugging-face, machine-learning.
  • text-embeddings-inferenceShares av.db curated category or tags: cli, developer-tools, hugging-face, machine-learning.
  • llama.cppShares av.db curated category or tags: cli, developer-tools, machine-learning.
  • pytorchShares av.db curated category or tags: cli, developer-tools, machine-learning.
  • mlxShares av.db curated category or tags: cli, developer-tools, machine-learning.
  • dvcShares av.db curated category or tags: cli, developer-tools, machine-learning.

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • local coverage README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • secret-handling manifest