Automic VaultAutomic Vault

brew / Protected-Tool-Abdeckung / Rang 9345

phylum-cli installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für phylum-cli in AI-Agent-Workflows.

InstallationsbefehlSicherheitshinweise

Installation

Mit Automic Vault installieren

Automic Vault
AV herunterladen
sudo av install brew:phylum-cli

macOS

Homebrewverified · 100%
brew install phylum-cli

local Homebrew formula metadata

Plattformhinweise

  • Es waren keine paketspezifischen Plattformhinweise vorhanden.

Überblick

Paketzusammenfassung

Command-line interface for the Phylum API

Befehle und Aliase

  • phylum

Protected-Tool-Abdeckung

Plain Text Phylum API Token

`phylum auth login` and `phylum auth set-token` store the current API token as `auth_info.offline_access` in ~/.config/phylum/settings.yaml. Phylum also honors PHYLUM_API_KEY and a global --config path, which gives this radioisotope a wrapper boundary for temporary runtime config. Our isotope stores the API token in the macOS keychain and injects it with PHYLUM_API_KEY while `phylum` runs.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 2 build dependencies.

Lokaler README-Auszug

Phylum CLI Protected-tool coverage

Phylum CLI stores its login token in the user config file at ~/.config/phylum/settings.yaml. That token can authorize Phylum API requests and should not remain in plaintext package-owned config.

This protected-tool coverage migrates the default auth_info.offline_access token into the Automic Vault keychain and removes it from the persisted config file. The installed phylum launcher is wrapped so Automic Vault injects the token as PHYLUM_API_KEY while the command runs.

The wrapper runs Phylum with a temporary config file copied from the user's config with the stored token removed. This preserves non-secret settings while keeping the runtime token out of the user's config file.

Caveats

  • Only the default XDG config path is migrated.
  • Explicit --config files are treated as caller-managed and are not migrated.
  • Direct execution of the original binary will not receive the injected token.

Quelle: local coverage notes

Quelle der Abdeckung

Quellauszug

Caveats

  • We migrate the default ~/.config/phylum/settings.yaml file.
  • Explicit --config files are not migrated because they can represent caller-managed contexts.
  • Direct execution of the original binary will not receive credentials.

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
phylumcliglobal executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-06-10
Manager-Version7.5.0
Manager aktualisiert
lokale Datenok
Upstreamcurrent
neueste erkannte Versionv7.5.0

https://github.com/phylum-dev/cli

  • infoNo package-manager update timestamp was available.low confidence

Installationsmetadaten

Paketmetadaten

Package keybrew:phylum-cli
Version7.5.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/phylum-cli
Homepagehttps://www.phylum.io
Repositoryhttps://github.com/phylum-dev/cli
Upstream docshttps://docs.phylum.io/cli/commands/phylum
LicenseGPL-3.0-or-later
Source archivehttps://github.com/phylum-dev/cli/archive/refs/tags/v7.5.0.tar.gz
Build dependenciesprotobuf, rust
Bottleavailable (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared
CaveatsNo official extensions have been preinstalled.

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namephylum-cli
Aliases
  • phylum
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

Paketgraph

Links stammen aus dem lokalen Paketbeziehungsgraph, Ergänzungen, Abhängigkeitskanten, Ecosystem-Matches und Paket-Hub-Mitgliedschaft.

Verwandte Tools

  • protobufBuild dependency declared by Homebrew.
  • rustBuild dependency declared by Homebrew.

Gleicher Workflow

  • syftShares av.db curated category or tags: cli, security, software-supply-chain.
  • cargo-auditShares av.db curated category or tags: cli, security, software-supply-chain.
  • cdxgenShares av.db curated category or tags: cli, security, software-supply-chain.
  • chainloop-cliShares av.db curated category or tags: cli, security, software-supply-chain.
  • scorecardShares av.db curated category or tags: cli, security, software-supply-chain.
  • sbom-toolShares av.db curated category or tags: cli, security, software-supply-chain.

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • local coverage README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • secret-handling manifest